CVE-2026-8091
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
A vulnerability in the Audio/Video playback component of Firefox and Thunderbird results from incorrect boundary conditions. The flaw was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.
Risk Assessment
The organization is at risk of potential remote code execution or browser crash when playing crafted media content, which could lead to data confidentiality and integrity breaches.
Recommendation
Immediately update Firefox and Thunderbird to the versions specified in the description (Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, or Firefox ESR 115.35.2).
Original NVD description (English source)
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

