PT-2026-21693 · Mozilla · Firefox+2

Oskar L

Published

2026-01-01

Updated

2026-03-18

CVE-2026-2760

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8

Description A sandbox escape is possible due to incorrect boundary conditions within the Graphics: WebRender component. This issue could allow an attacker to bypass security restrictions.

Recommendations Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1384

Related Identifiers

ALSA-2026:3338

ALSA-2026:3339

ALSA-2026:3361

ALSA-2026:3515

ALSA-2026:3516

ALSA-2026:3517

CVE-2026-2760

MGASA-2026-0052

MGASA-2026-0053

OESA-2026-1471

OESA-2026-1472

OESA-2026-1473

OESA-2026-1474

OESA-2026-1539

OESA-2026-1540

OPENSUSE-SU-2026:10242-1

OPENSUSE-SU-2026:10248-1

OPENSUSE-SU-2026:10257-1

OPENSUSE-SU-2026:20365-1

OPENSUSE-SU-2026:20391-1

RHSA-2026:3338

RHSA-2026:3339

RHSA-2026:3361

RHSA-2026:3491

RHSA-2026:3492

RHSA-2026:3493

RHSA-2026:3494

RHSA-2026:3495

RHSA-2026:3496

RHSA-2026:3497

RHSA-2026:3515

RHSA-2026:3516

RHSA-2026:3517

RHSA-2026:3976

RHSA-2026:3978

RHSA-2026:3979

RHSA-2026:3980

RHSA-2026:3981

RHSA-2026:3982

RHSA-2026:3983

RHSA-2026:3984

RHSA-2026:4022

RHSA-2026:4152

RHSA-2026:4260

RHSA-2026:4432

SUSE-SU-2026:0812-1

SUSE-SU-2026:0871-1

SUSE-SU-2026:0880-1

Affected Products

Firefox

Firefox Esr

Thunderbird

PT-2026-21693 · Mozilla · Firefox+2

CVE-2026-2760

Weakness Enumeration

Related Identifiers

Affected Products

References · 266