CVE-2026-2773
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
A vulnerability in the Web Audio component of Firefox and Thunderbird is caused by incorrect boundary conditions. This flaw could lead to unexpected behavior or potential exploitation by an attacker.
Risk Assessment
The organization faces the risk of remote code execution or browser crashes, potentially leading to data confidentiality breaches or user downtime.
Recommendation
Immediately update Firefox to version 148 or later, and Thunderbird to version 148 or 140.8 depending on the ESR branch.
Original NVD description (English source)
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

