CRITICAL🇵🇱 Wersja polska

CVE-2026-2778

CVSS 10.0v3.1pub. 2026-02-24upd. 2026-06-30

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

🤖 AI Analysis
How it works

The error results from improper verification of boundary conditions in DOM components: Core & HTML. Incorrect handling of memory boundaries (CWE-119 — buffer overflow or related violation) enables escape from the isolated browser sandbox environment. An attacker can craft a malicious website or email message (in Thunderbird), whose processing by the DOM engine triggers the vulnerability and allows code execution outside the sandbox.

Impact

Successful exploitation of the vulnerability leads to sandbox escape and potentially complete system takeover — the attacker can gain confidentiality, integrity, and availability of system resources (C:H/I:H/A:H in modified scope, S:C).

Mitigation & patch

Update immediately to Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, or Thunderbird 140.8, depending on the update channel in use. Detailed information available in Mozilla security advisories: mfsa2026-13, mfsa2026-14, mfsa2026-15, mfsa2026-16.

Who is affected

Mozilla Firefox before version 148, Mozilla Firefox ESR before versions 115.33 and 140.8, Mozilla Thunderbird before version 148, and Mozilla Thunderbird before version 140.8.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 115.33.0< 148.0128.0 – 140.8.0 (bez)
  • Mozilla Thunderbird

    APP
    Mozilla
    < 140.8.0< 148.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...