CVE-2026-2774
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk41th percentile - higher than 41% of all known CVEs
Summary
An integer overflow was discovered in the Audio/Video component of Firefox and Thunderbird. This vulnerability is fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Risk Assessment
An integer overflow could lead to unexpected behavior, potentially enabling remote code execution or application crash, compromising system confidentiality and availability.
Recommendation
Immediately update Firefox to version 148 or later, and Thunderbird to version 148 or 140.8 depending on the ESR branch used.
Original NVD description (English source)
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

