CRITICAL🇵🇱 Wersja polska

CVE-2026-4725

CVSS 10.0v3.1pub. 2026-03-24upd. 2026-04-13

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

🤖 AI Analysis
How it works

The vulnerability (CWE-416, use-after-free) consists of referencing a memory area that has already been freed within the component responsible for rendering Canvas2D graphics. Through appropriately crafted web page content, an attacker can trigger a memory management error that leads to the execution of malicious code outside the isolated browser sandbox environment. The network attack vector (AV:N) without privilege requirements (PR:N) and user interaction (UI:N) means that simply visiting a malicious website may be sufficient to trigger the vulnerability.

Impact

Successful exploitation of this vulnerability allows an attacker to escape the browser sandbox and potentially gain full control over the victim's system, including data confidentiality, system integrity, and availability (C:H/I:H/A:H in the changed scope S:C).

Mitigation & patch

Mozilla Firefox must be immediately updated to version 149 or later, and Mozilla Thunderbird must be updated to version 149 or later. Detailed information is available in Mozilla security advisories: mfsa2026-20 and mfsa2026-23.

Who is affected

Mozilla Firefox in versions prior to Firefox 149 and Mozilla Thunderbird in versions prior to Thunderbird 149.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 149.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...