NVD disclosure day

Published threat advisories for March 24, 2026

CVE advisoryCRITICAL

CVE-2026-4700

Firefox and Thunderbird Mitigation Bypass Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A mitigation bypass vulnerability exists in the Networking: HTTP component of affected software, potentially allowing unauthorized access. This could enable attackers to bypass security measures, leading to data compromise or system access if reachable. Prompt assessment of affected software deployment is necessary to

CVE advisoryCRITICAL

CVE-2026-4698

Firefox JIT Miscompilation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical vulnerability exists in the JavaScript engine of Mozilla's Firefox browser that could allow an attacker to execute arbitrary code. This issue requires user interaction, such as visiting a malicious website, to be exploited. It is important to confirm the relevance and exposure of this vulnerability to unders

CVE advisoryCRITICAL

CVE-2026-4696

Firefox Use-after-free in Text and Fonts Component.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability exists in the text and font handling component of Mozilla Firefox, which could allow an attacker to execute arbitrary code. This issue requires user interaction with malicious content and poses a risk to system integrity and data confidentiality. Updates are available for affected version

CVE advisoryCRITICAL

CVE-2026-4692

Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A sandbox escape vulnerability in the Responsive Design Mode component of Firefox and Thunderbird could allow an attacker to break out of restricted environments. This could potentially affect system data and application behavior if triggered by user interaction with malicious content. Further analysis is needed to con

CVE advisoryCRITICAL

CVE-2026-4691

Firefox CSS Parsing Use-After-Free Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability exists in the CSS Parsing and Computation component of Firefox and Thunderbird. If reachable, an attacker could exploit this by providing malicious web content, potentially leading to integrity and availability impacts or even code execution.

CVE advisoryCRITICAL

CVE-2026-4689

Firefox and Thunderbird Sandbox Escape Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical vulnerability in Mozilla's Firefox and Thunderbird products could allow for sandbox escape due to an integer overflow in the XPCOM component. If reachable, an attacker could exploit this to execute arbitrary code on a user's system, posing a significant risk to data and system integrity.

CVE advisoryCRITICAL

CVE-2026-4688

Firefox Disability Access API Sandbox Escape

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical sandbox escape vulnerability exists in the Disability Access APIs component of certain Mozilla products. This flaw, a use-after-free condition, could allow an attacker to break out of the browser's security sandbox if reachable. It is important to identify and update affected systems to mitigate this risk.

CVE advisoryCRITICAL

CVE-2026-33211

Tekton Pipelines Path Traversal Leading to File Disclosure.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

The Tekton Pipelines project, used for CI/CD in Kubernetes, has a path traversal vulnerability in its git resolver via the `pathInRepo` parameter. An authenticated user could exploit this to read arbitrary files, such as ServiceAccount tokens, from the resolver pod's filesystem. This could lead to unauthorized access a