CVE Catalog

CVE-2026-8091

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

A vulnerability in the Audio/Video playback component of Firefox and Thunderbird results from incorrect boundary conditions. The flaw was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Risk Assessment

The organization is at risk of potential remote code execution or browser crash when playing crafted media content, which could lead to data confidentiality and integrity breaches.

Recommendation

Immediately update Firefox and Thunderbird to the versions specified in the description (Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, or Firefox ESR 115.35.2).

Original NVD description (English source)

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS