CVE Catalog

CVE-2026-2774

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.54%

41th percentile - higher than 41% of all known CVEs

Summary

An integer overflow was discovered in the Audio/Video component of Firefox and Thunderbird. This vulnerability is fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

An integer overflow could lead to unexpected behavior, potentially enabling remote code execution or application crash, compromising system confidentiality and availability.

Recommendation

Immediately update Firefox to version 148 or later, and Thunderbird to version 148 or 140.8 depending on the ESR branch used.

Original NVD description (English source)

Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS