CVE-2026-2757
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
A vulnerability in the WebRTC: Audio/Video component of Firefox and Thunderbird is caused by incorrect boundary conditions. The flaw was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code remotely or cause application crashes, compromising system confidentiality and availability.
Recommendation
Immediately update Firefox and Thunderbird to the versions specified in the description (Firefox 148, Firefox ESR 115.33/140.8, Thunderbird 148/140.8).
Original NVD description (English source)
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

