CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0886 – Incorrect boundary conditions in the Graphics component
https://notcve.org/view.php?id=CVE-2026-0886
13 Jan 2026 — Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or... • https://bugzilla.mozilla.org/show_bug.cgi?id=2005658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-501: Trust Boundary Violation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0885 – Use-after-free in the JavaScript: GC component
https://notcve.org/view.php?id=CVE-2026-0885
13 Jan 2026 — Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7. Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. • https://bugzilla.mozilla.org/show_bug.cgi?id=2003607 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0884 – Use-after-free in the JavaScript Engine component
https://notcve.org/view.php?id=CVE-2026-0884
13 Jan 2026 — Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7. Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. • https://bugzilla.mozilla.org/show_bug.cgi?id=2003588 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0883 – Information disclosure in the Networking component
https://notcve.org/view.php?id=CVE-2026-0883
13 Jan 2026 — Information disclosure in the Networking component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7. Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. • https://bugzilla.mozilla.org/show_bug.cgi?id=1989340 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0882 – Use-after-free in the IPC component
https://notcve.org/view.php?id=CVE-2026-0882
13 Jan 2026 — Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. • https://bugzilla.mozilla.org/show_bug.cgi?id=1924125 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0880 – Sandbox escape due to integer overflow in the Graphics component
https://notcve.org/view.php?id=CVE-2026-0880
13 Jan 2026 — Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, informa... • https://bugzilla.mozilla.org/show_bug.cgi?id=2005014 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0879 – Sandbox escape due to incorrect boundary conditions in the Graphics component
https://notcve.org/view.php?id=CVE-2026-0879
13 Jan 2026 — Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary cod... • https://bugzilla.mozilla.org/show_bug.cgi?id=2004602 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0878 – Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
https://notcve.org/view.php?id=CVE-2026-0878
13 Jan 2026 — Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7. Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape... • https://bugzilla.mozilla.org/show_bug.cgi?id=2003989 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 0%CPEs: 10EXPL: 0CVE-2026-0877 – Mitigation bypass in the DOM: Security component
https://notcve.org/view.php?id=CVE-2026-0877
13 Jan 2026 — Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. • https://bugzilla.mozilla.org/show_bug.cgi?id=1999257 • CWE-693: Protection Mechanism Failure •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-14025 – Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions
https://notcve.org/view.php?id=CVE-2025-14025
08 Jan 2026 — A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC). An update is now available for Red Hat Ansible Automation Platform 2.5. • https://access.redhat.com/articles/7136004 • CWE-279: Incorrect Execution-Assigned Permissions •