VDB
GCVE-110-MAGEIA-2026-80
GCVE-110-MAGEIA-2026-80
Advisory Published
Denial-of-service in the XML component. (CVE-2025-59375)
Race condition, use-after-free in the Graphics: WebRender component.
(CVE-2026-4684)
Incorrect boundary conditions in the Graphics: Canvas2D component.
(CVE-2026-4685)
Incorrect boundary conditions in the Graphics: Canvas2D component.
(CVE-2026-4686)
Sandbox escape due to incorrect boundary conditions in the Telemetry
component. (CVE-2026-4687)
Sandbox escape due to use-after-free in the Disability Access APIs
component. (CVE-2026-4688)
Sandbox escape due to incorrect boundary conditions, integer overflow in
the XPCOM component. (CVE-2026-4689)
Sandbox escape due to incorrect boundary conditions, integer overflow in
the XPCOM component. (CVE-2026-4690)
Use-after-free in the CSS Parsing and Computation component.
(CVE-2026-4691)
Sandbox escape in the Responsive Design Mode component. (CVE-2026-4692)
Incorrect boundary conditions in the Audio/Video: Playback component.
(CVE-2026-4693)
Incorrect boundary conditions, integer overflow in the Graphics
component. (CVE-2026-4694)
Incorrect boundary conditions in the Audio/Video: Web Codecs component.
(CVE-2026-4695)
Use-after-free in the Layout: Text and Fonts component. (CVE-2026-4696)
Incorrect boundary conditions in the Audio/Video: Web Codecs component.
(CVE-2026-4697)
JIT miscompilation in the JavaScript Engine: JIT component.
(CVE-2026-4698)
Incorrect boundary conditions in the Layout: Text and Fonts component.
(CVE-2026-4699)
Mitigation bypass in the Networking: HTTP component. (CVE-2026-4700)
Use-after-free in the JavaScript Engine component. (CVE-2026-4701)
JIT miscompilation in the JavaScript Engine component. (CVE-2026-4702)
Denial-of-service in the WebRTC: Signaling component. (CVE-2026-4704)
Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4705)
Incorrect boundary conditions in the Graphics: Canvas2D component.
(CVE-2026-4706)
Incorrect boundary conditions in the Graphics: Canvas2D component.
(CVE-2026-4707)
Incorrect boundary conditions in the Graphics component. (CVE-2026-4708)
Incorrect boundary conditions in the Audio/Video: GMP component.
(CVE-2026-4709)
Incorrect boundary conditions in the Audio/Video component.
(CVE-2026-4710)
Use-after-free in the Widget: Cocoa component. (CVE-2026-4711)
Information disclosure in the Widget: Cocoa component. (CVE-2026-4712)
Incorrect boundary conditions in the Graphics component. (CVE-2026-4713)
Incorrect boundary conditions in the Audio/Video component.
(CVE-2026-4714)
Uninitialized memory in the Graphics: Canvas2D component.
(CVE-2026-4715)
Incorrect boundary conditions, uninitialized memory in the JavaScript
Engine component. (CVE-2026-4716)
Privilege escalation in the Netmonitor component. (CVE-2026-4717)
Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4718)
Incorrect boundary conditions in the Graphics: Text component.
(CVE-2026-4719)
Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9,
Firefox 149 and Thunderbird 149. (CVE-2026-4720)
Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9,
Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4721)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | firefox | 0 (affected), 140.9.0-1.mga9 (unaffected) | — |
| Mageia | firefox-l10n | 140.9.0-1.mga9 (unaffected), 0 (affected) | — |
| Mageia | nss | 0 (affected), 3.122.0-1.mga9 (unaffected) | — |
Aliases
CVE-2026-4684CVE-2026-4685CVE-2026-4686CVE-2026-4687CVE-2026-4688CVE-2026-4689CVE-2026-4690CVE-2026-4691CVE-2026-4692CVE-2026-4693CVE-2026-4694CVE-2026-4695CVE-2026-4696CVE-2026-4697CVE-2026-4698CVE-2026-4699CVE-2026-4700CVE-2026-4701CVE-2026-4702CVE-2026-4704CVE-2026-4705CVE-2026-4706CVE-2026-4707CVE-2026-4708CVE-2026-4709CVE-2026-4710CVE-2026-4711CVE-2026-4712CVE-2026-4713CVE-2026-4714CVE-2026-4715CVE-2026-4716CVE-2026-4717CVE-2026-4718CVE-2026-4719CVE-2026-4720CVE-2026-4721
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.