关键信息 公告日期: January 13, 2026 影响: High 产品: Firefox 修复版本: Firefox 147 漏洞详情 CVE-2026-0877 - 描述: Mitigation bypass in the DOM: Security component - 报告者: mingjung - 影响: High - 参考: Bug 1999257 CVE-2026-0878 - 描述: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component - 报告者: Oskar L - 影响: High - 参考: Bug 2003989 CVE-2026-0879 - 描述: Sandbox escape due to incorrect boundary conditions in the Graphics component - 报告者: Oskar L - 影响: High - 参考: Bug 2004602 CVE-2026-0880 - 描述: Sandbox escape due to integer overflow in the Graphics component - 报告者: Oskar L - 影响: High - 参考: Bug 2005014 CVE-2026-0881 - 描述: Sandbox escape in the Messaging System component - 报告者: Andrew McCreight - 影响: High - 参考: Bug 2005845 CVE-2026-0882 - 描述: Use-after-free in the IPC component - 报告者: Randell Jesup - 影响: High - 参考: Bug 1924125 CVE-2026-0883 - 描述: Information disclosure in the Networking component - 报告者: Vladislav Plyatsok - 影响: Moderate - 参考: Bug 1989340 CVE-2026-0884 - 描述: Use-after-free in the JavaScript Engine component - 报告者: Gary Kwong and Nan Wang - 影响: Moderate - 参考: Bug 2003588 CVE-2026-0885 - 描述: Use-after-free in the JavaScript: GC component - 报告者: Irvan Kurniawan - 影响: Moderate - 参考: Bug 2003607 CVE-2026-0886 - 描述: Incorrect boundary conditions in the Graphics component - 报告者: Oskar L - 影响: Moderate - 参考: Bug 2005658 CVE-2026-0887 - 描述: Clickjacking issue, information disclosure in the PDF Viewer component - 报告者: Lyra Rebane - 影响: Moderate - 参考: Bug 2006500 CVE-2026-0888 - 描述: Information disclosure in the XML component - 报告者: Pier Angelo Vendrame - 影响: Low - 参考: Bug 1985996 CVE-2026-0889 - 描述: Denial-of-service in the DOM: Service Workers component - 报告者: Elysee Franchuk, Caleb Lerch - 影响: Low - 参考: Bug 1999084 CVE-2026-0890 - 描述:Spoofing issue in the DOM: Copy & Paste and Drag & Drop component - 报告者: Edgar Chen - 影响: Low - 参考: Bug 2005081 CVE-2026-0891 - 描述: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 - 报告者: Andrew McCreight, Dennis Jackson and the Mozilla Fuzzing Team - 影响: High - 描述: Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. - 参考:Bug 1999257 - 参考: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 CVE-2026-0892 - 描述: Memory safety bugs fixed in Firefox 147 and Thunderbird 147 - 报告者: Hiroyuki Ikezoe, Jon Coppeard, Maurice Dauer and the Mozilla Fuzzing Team - 影响: Moderate - 描述: Memory safety bugs present in Firefox 146 and Thunderbird 146. - 参考: Bug 2003588 - 参考: Memory safety bugs fixed in Firefox 147 and Thunderbird 147