CVE Catalog

CVE-2026-2757

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile - higher than 38% of all known CVEs

Summary

A vulnerability in the WebRTC: Audio/Video component of Firefox and Thunderbird is caused by incorrect boundary conditions. The flaw was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code remotely or cause application crashes, compromising system confidentiality and availability.

Recommendation

Immediately update Firefox and Thunderbird to the versions specified in the description (Firefox 148, Firefox ESR 115.33/140.8, Thunderbird 148/140.8).

Original NVD description (English source)

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS