CVE-2026-6748
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
Uninitialized memory vulnerability in the Audio/Video: Web Codecs component of Firefox and Thunderbird. The flaw was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Risk Assessment
An attacker could exploit uninitialized memory to access sensitive data or destabilize the application, posing a risk to organizational information security.
Recommendation
Immediately update Firefox to version 150 or later, Thunderbird to version 150 or 140.10, and Firefox ESR to version 140.10.
Original NVD description (English source)
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

