CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2026-4691 – Use-after-free in the CSS Parsing and Computation component
https://notcve.org/view.php?id=CVE-2026-4691
24 Mar 2026 — Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Uso después de liberación en el componente de análisis y computación CSS. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, y Thunderbird < 140.9. Use-after-free in the CSS Parsing and Computation component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2017512 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2026-4690 – Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
https://notcve.org/view.php?id=CVE-2026-4690
24 Mar 2026 — Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Escape de sandbox debido a condiciones de límite incorrectas, desbordamiento de entero en el componente XPCOM. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, y Thunderbird < 140.9. Sandbox escape due to incorrect bo... • https://bugzilla.mozilla.org/show_bug.cgi?id=2016375 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2026-4688 – Sandbox escape due to use-after-free in the Disability Access APIs component
https://notcve.org/view.php?id=CVE-2026-4688
24 Mar 2026 — Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Escape de sandbox debido a uso después de liberación en el componente de APIs de Accesibilidad. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, y Thunderbird < 140.9. Sandbox escape due to use-after-free in the Disability Access APIs component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2016373 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2026-4687 – Sandbox escape due to incorrect boundary conditions in the Telemetry component
https://notcve.org/view.php?id=CVE-2026-4687
24 Mar 2026 — Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Escape de sandbox debido a condiciones de límite incorrectas en el componente de Telemetría. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, y Thunderbird < 140.9. Sandbox escape due to incorrect boundary conditions in the Telemet... • https://bugzilla.mozilla.org/show_bug.cgi?id=2016368 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-4686 – Incorrect boundary conditions in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2026-4686
24 Mar 2026 — Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Condiciones de contorno incorrectas en el componente Graphics: Canvas2D. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149 y Thunderbird < 140.9. Incorrect boundary conditions in the Graphics: Canvas2D component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2016351 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-4685 – Incorrect boundary conditions in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2026-4685
24 Mar 2026 — Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Condiciones de límite incorrectas en el componente Graphics: Canvas2D. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, y Thunderbird < 140.9. Incorrect boundary conditions in the Graphics: Canvas2D component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2016349 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-4684 – Race condition, use-after-free in the Graphics: WebRender component
https://notcve.org/view.php?id=CVE-2026-4684
24 Mar 2026 — Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Condición de carrera, uso después de liberación en el componente Gráficos: WebRender. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, y Thunderbird < 140.9. Race condition, use-after-free in the Graphics: WebRender component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2011129 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2026-2807 – Memory safety bugs fixed in Firefox 148 and Thunderbird 148
https://notcve.org/view.php?id=CVE-2026-2807
24 Feb 2026 — Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148. Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1756056%2C1999402%2C2004872%2C2006037%2C2012855 • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2026-2804 – Use-after-free in the JavaScript: WebAssembly component
https://notcve.org/view.php?id=CVE-2026-2804
24 Feb 2026 — Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. • https://bugzilla.mozilla.org/show_bug.cgi?id=2013584 • CWE-416: Use After Free •
CVSS: 4.2EPSS: 0%CPEs: 2EXPL: 0CVE-2026-2802 – Race condition in the JavaScript: GC component
https://notcve.org/view.php?id=CVE-2026-2802
24 Feb 2026 — Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. • https://bugzilla.mozilla.org/show_bug.cgi?id=2011069 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •