VOOZH about

URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5732

⇱ NVD - CVE-2026-5732


  1. Vulnerabilities

CVE-2026-5732 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Current Description

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.


View Analysis Description

Analysis Description

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://access.redhat.com/errata/RHSA-2026:11805 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:11813 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:12264 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13342 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13412 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13533 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13582 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13583 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13596 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13600 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13665 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13682 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13683 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13922 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13977 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:14223 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:14303 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:15889 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:7671 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:7672 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:8052 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:8459 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:9345 redhat-SADP
https://access.redhat.com/errata/RHSA-2026:9638 redhat-SADP
https://access.redhat.com/security/cve/CVE-2026-5732 redhat-SADP
https://bugzilla.mozilla.org/show_bug.cgi?id=2017867 Mozilla Corporation Issue Tracking  Permissions Required 
https://bugzilla.redhat.com/show_bug.cgi?id=2455908 redhat-SADP
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5732.json redhat-SADP
https://www.mozilla.org/security/advisories/mfsa2026-25/ Mozilla Corporation Vendor Advisory 
https://www.mozilla.org/security/advisories/mfsa2026-27/ Mozilla Corporation Vendor Advisory 
https://www.mozilla.org/security/advisories/mfsa2026-28/ Mozilla Corporation
https://www.mozilla.org/security/advisories/mfsa2026-29/ Mozilla Corporation

Weakness Enumeration

CWE-ID CWE Name Source
CWE-190 Integer Overflow or Wraparound CISA-ADP   redhat-SADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

8 change records found show changes

CVE Modified by redhat-SADP 6/29/2026 11:21:09 PM

Action Type Old Value New Value
Added CVSS V3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Added CWE
CWE-190


Added Reference
https://access.redhat.com/errata/RHSA-2026:11805


Added Reference
https://access.redhat.com/errata/RHSA-2026:11813


Added Reference
https://access.redhat.com/errata/RHSA-2026:12264


Added Reference
https://access.redhat.com/errata/RHSA-2026:13342


Added Reference
https://access.redhat.com/errata/RHSA-2026:13412


Added Reference
https://access.redhat.com/errata/RHSA-2026:13533


Added Reference
https://access.redhat.com/errata/RHSA-2026:13582


Added Reference
https://access.redhat.com/errata/RHSA-2026:13583


Added Reference
https://access.redhat.com/errata/RHSA-2026:13596


Added Reference
https://access.redhat.com/errata/RHSA-2026:13600


Added Reference
https://access.redhat.com/errata/RHSA-2026:13665


Added Reference
https://access.redhat.com/errata/RHSA-2026:13682


Added Reference
https://access.redhat.com/errata/RHSA-2026:13683


Added Reference
https://access.redhat.com/errata/RHSA-2026:13922


Added Reference
https://access.redhat.com/errata/RHSA-2026:13977


Added Reference
https://access.redhat.com/errata/RHSA-2026:14223


Added Reference
https://access.redhat.com/errata/RHSA-2026:14303


Added Reference
https://access.redhat.com/errata/RHSA-2026:15889


Added Reference
https://access.redhat.com/errata/RHSA-2026:7671


Added Reference
https://access.redhat.com/errata/RHSA-2026:7672


Added Reference
https://access.redhat.com/errata/RHSA-2026:8052


Added Reference
https://access.redhat.com/errata/RHSA-2026:8459


Added Reference
https://access.redhat.com/errata/RHSA-2026:9345


Added Reference
https://access.redhat.com/errata/RHSA-2026:9638


Added Reference
https://access.redhat.com/security/cve/CVE-2026-5732


Added Reference
https://bugzilla.redhat.com/show_bug.cgi?id=2455908


Added Reference
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5732.json


Added Affected Record truncated, showing 2048 of 3052 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v. 8.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red H

CVE Modified by CISA-ADP 6/17/2026 6:59:34 AM

Action Type Old Value New Value
Added SSVC
{"timestamp":"2026-04-07T14:28:39.207668Z","id":"CVE-2026-5732","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}


CVE Modified by Mozilla Corporation 6/17/2026 6:59:34 AM

Action Type Old Value New Value
Added Affected
[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"140.9.1","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"149.0.2","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"140.9.1","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"149.0.2","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]


CVE Modified by Mozilla Corporation 4/13/2026 11:17:46 AM

Action Type Old Value New Value
Changed Description
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1.


Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.


CVE Modified by Mozilla Corporation 4/07/2026 3:16:47 PM

Action Type Old Value New Value
Changed Description
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.


Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1.


Added Reference
https://www.mozilla.org/security/advisories/mfsa2026-28/


Added Reference
https://www.mozilla.org/security/advisories/mfsa2026-29/


Initial Analysis by NIST 4/07/2026 1:18:59 PM

Action Type Old Value New Value
Added CPE Configuration
OR
 *cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* versions up to (excluding) 149.0.2
 *cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* versions up to (excluding) 140.9.1


Added Reference Type
Mozilla Corporation: https://bugzilla.mozilla.org/show_bug.cgi?id=2017867 Types: Issue Tracking, Permissions Required


Added Reference Type
Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2026-25/ Types: Vendor Advisory


Added Reference Type
Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2026-27/ Types: Vendor Advisory


CVE Modified by CISA-ADP 4/07/2026 11:17:50 AM

Action Type Old Value New Value
Added CVSS V3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Added CWE
CWE-190


New CVE Received from Mozilla Corporation 4/07/2026 9:16:47 AM

Action Type Old Value New Value
Added Description
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.


Added Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=2017867


Added Reference
https://www.mozilla.org/security/advisories/mfsa2026-25/


Added Reference
https://www.mozilla.org/security/advisories/mfsa2026-27/


Quick Info

CVE Dictionary Entry:
CVE-2026-5732
NVD Published Date:
04/07/2026
NVD Last Modified:
06/29/2026
Source:
Mozilla Corporation