CVE-2026-0886
Boundary Condition Error in Firefox Graphics Component Causes Crash
Publication date: 2026-01-13
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 147 (exc) |
| mozilla | firefox_esr | to 115.32 (exc) |
| mozilla | firefox_esr | to 140.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-501 | The product mixes trusted and untrusted data in the same data structure or structured message. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability has a CVSS base score of 5.3, indicating a moderate impact. It can lead to a loss of confidentiality but does not affect integrity or availability. It can be exploited remotely without user interaction or privileges.
Can you explain this vulnerability to me?
This vulnerability is caused by incorrect boundary conditions in the Graphics component of Firefox. It affects versions of Firefox earlier than 147, Firefox ESR earlier than 115.32, and Firefox ESR earlier than 140.7.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Firefox to version 147 or later, or Firefox ESR to version 115.32 or later, or ESR 140.7 or later. These versions include fixes addressing the vulnerability in the Graphics component. [1, 2, 3]