PT-2026-41913 · Mozilla+1 · Thunderbird+2

Ameen Basha M K

Published

2026-05-19

Updated

2026-06-02

CVE-2026-8959

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11

Description Incorrect boundary conditions in the Widget: Win32 component allow for a sandbox escape, which occurs when a process breaks out of its restricted environment to access the broader system.

Recommendations Update to version 151 Update to version 140.11 Update to version 151 Update to version 140.11

Fix

DoS

Protection Mechanism Failure

Buffer Overflow

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693CWE-119CWE-20

Related Identifiers

ALSA-2026:21381

ALSA-2026:22325

ALSA-2026:22643

CVE-2026-8959

OESA-2026-2392

OESA-2026-2393

OESA-2026-2394

OESA-2026-2465

OPENSUSE-SU-2026:10813-1

OPENSUSE-SU-2026:10863-1

OPENSUSE-SU-2026:10864-1

Affected Products

Firefox

Rocky Linux

Thunderbird

PT-2026-41913 · Mozilla+1 · Thunderbird+2

CVE-2026-8959

Weakness Enumeration

Related Identifiers

Affected Products

References · 131