FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- multiple vulnerabilities

Affected packages
firefox < 147.0.0,2
firefox-esr < 140.7.0
thunderbird < 147

Details

VuXML ID 085101eb-f212-11f0-9ca3-b42e991fc52e
Discovery 2026-01-13
Entry 2026-01-15

Memory safety bugs present in firefox-esr 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146.

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component.

Clickjacking issue and information disclosure in the PDF Viewer component.

Use-after-free in the JavaScript: GC component.

Use-after-free in the JavaScript Engine component.

Information disclosure in the Networking component.

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.

References

CVE Name CVE-2026-0878
CVE Name CVE-2026-0883
CVE Name CVE-2026-0884
CVE Name CVE-2026-0885
CVE Name CVE-2026-0887
CVE Name CVE-2026-0890
CVE Name CVE-2026-0891

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.