Mozilla Firefox Critical Vulnerabilities
14 Jan 2026
Overview
CVE: CVE-2026-0879, CVE-2026-0881, CVE-2026-0884, CVE-2026-0892
Severity: Critical
Date: 14 Jan 2026
Summary
Mozilla has released security updates to address multiple critical vulnerabilities in Firefox, including a sandbox escape with a CVSS score of 10.0. These flaws could allow attackers to execute arbitrary code or escape the sandbox environment. Immediate patching is strongly recommended.
Affected Versions
See vendor advisory for affected versions.
Vulnerability Breakdown
CVE-2026-0881 – Sandbox escape in the Messaging System component
Severity: Critical
CVSS: 10.0
Description: A sandbox escape vulnerability exists in the Messaging System component.
Impact: This could allow an attacker to break out of the sandbox and execute code on the underlying system.
Conditions: Requires a compromised content process or similar foothold.
CVE-2026-0879 – Sandbox escape due to incorrect boundary conditions
Severity: Critical
CVSS: 9.8
Description: Incorrect boundary conditions in the Graphics component can lead to a sandbox escape.
Impact: Allows escape from the sandbox to the parent process or system.
CVE-2026-0884 – Use-after-free in the JavaScript Engine component
Severity: Critical
CVSS: 9.8
Description: A use-after-free vulnerability in the JavaScript Engine component.
Impact: Could result in arbitrary code execution.
Mitigation
Update to the latest version of Mozilla Firefox immediately.
Review the Mozilla Security Advisories for full details.
Summary for IT Teams
Products: Mozilla Firefox
Threat Level: Critical, CVSS 10.0
Action Required: Patch immediately.
Reference
Need Help?
If your organisation needs assistance assessing or patching your environment, the Secure ISS SOC team is ready to help. Please get in touch on 1300 769 460 or email us.
