CVE Catalog

CVE-2026-6748

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

Uninitialized memory vulnerability in the Audio/Video: Web Codecs component of Firefox and Thunderbird. The flaw was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Risk Assessment

An attacker could exploit uninitialized memory to access sensitive data or destabilize the application, posing a risk to organizational information security.

Recommendation

Immediately update Firefox to version 150 or later, Thunderbird to version 150 or 140.10, and Firefox ESR to version 140.10.

Original NVD description (English source)

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS