Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
Firefox and Thunderbird can be hacked if you view malicious images
DEBIAN-CVE-2026-2760
Summary
Old versions of Firefox and Thunderbird can be tricked into allowing hackers to break out of a security sandbox, which can lead to data theft or other security issues. This affects users who haven't updated to the latest versions. To stay safe, update to the latest version of your browser or email client.
What to do
- Update debian firefox-esr to version 140.8.0esr-1~deb11u1.
- Update debian firefox-esr to version 140.8.0esr-1~deb12u1.
- Update debian firefox-esr to version 140.8.0esr-1~deb13u1.
- Update debian firefox-esr to version 140.8.0esr-1.
- Update debian thunderbird to version 1:140.8.0esr-1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | firefox-esr | <= 140.8.0esr-1~deb11u1 | 140.8.0esr-1~deb11u1 |
| debian | firefox-esr | <= 140.8.0esr-1~deb12u1 | 140.8.0esr-1~deb12u1 |
| debian | firefox-esr | <= 140.8.0esr-1~deb13u1 | 140.8.0esr-1~deb13u1 |
| debian | firefox-esr | <= 140.8.0esr-1 | 140.8.0esr-1 |
| debian | thunderbird | All versions | – |
| debian | thunderbird | All versions | – |
| debian | thunderbird | All versions | – |
| debian | thunderbird | <= 1:140.8.0esr-1 | 1:140.8.0esr-1 |
Original title
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and...
Original description
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
osv CVSS3.1
10.0
- https://security-tracker.debian.org/tracker/CVE-2026-2760 Vendor Advisory
Published: 24 Feb 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026