Mozilla Firefox and Thunderbird Canvas2D Use-After-Free Vulnerability (CVE-2026-4725)
A use-after-free vulnerability in the Canvas2D component of Mozilla Firefox and Thunderbird versions before 149 allows for a potential sandbox escape.
CVE-2026-4725 is a critical use-after-free vulnerability in the Canvas2D graphics component of Mozilla Firefox and Thunderbird. Versions prior to 149 are affected. The vulnerability could allow an attacker to escape the browser’s or email client’s sandbox. It stems from improper memory management in the Canvas2D component, where freed memory is accessed again. Successful exploitation of this flaw could grant an attacker elevated privileges or the…
Detection coverage (2 rules)
Canvas2D Use-After-Free Attempt
Severity: high. Detects potential attempts to trigger a use-after-free vulnerability in the Canvas2D component of Firefox or Thunderbird.
Suspicious Javascript URI
Severity: medium. Detects potential attempts to inject malicious JavaScript into a webpage.
Indicators of compromise: 1