CVE-2026-0878
Sandbox Escape in Firefox CanvasWebGL Due to Boundary Error
Publication date: 2026-01-13
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | before 147 (exclusive) |
| mozilla | firefox_esr | before 140.7 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a sandbox escape caused by incorrect boundary conditions in the Graphics: CanvasWebGL component of Firefox. It affects Firefox versions before 147 and Firefox ESR versions before 140.7. Essentially, it allows an attacker to break out of the browser's sandbox environment, potentially enabling unauthorized code execution or actions beyond the intended security restrictions.
How can this vulnerability impact me?
The vulnerability can allow attackers to escape the browser's sandbox, which is designed to isolate web content and prevent malicious code from affecting the user's system. This can lead to unauthorized code execution or actions within the browser environment, potentially compromising user data or system security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 147 or later, or Firefox ESR to version 140.7 or later, as these versions include fixes addressing this sandbox escape vulnerability. [2]