CRITICAL🇵🇱 Wersja polska

CVE-2026-2757

CVSS 9.8v3.1pub. 2026-02-24upd. 2026-06-30

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of boundary conditions in the component responsible for processing audio and video in the WebRTC protocol. An attacker can provide specially crafted media data over the network, leading to memory integrity violation or other improper application behavior. Due to the lack of detailed technical information (CWE: NVD-CWE-noinfo), the exact exploitation mechanism is not publicly documented.

Impact

Successful exploitation of this vulnerability may allow an attacker to obtain sensitive data, compromise system integrity, or cause application unavailability — with the highest level of impact on confidentiality, integrity, and availability according to the CVSS vector.

Mitigation & patch

Software should be updated to the following versions: Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, or Thunderbird 140.8, in accordance with the manufacturer's recommendations published in Mozilla security advisories (MFSA2026-13 through MFSA2026-16).

Who is affected

Mozilla Firefox prior to version 148, Mozilla Firefox ESR prior to versions 115.33 and 140.8, Mozilla Thunderbird prior to version 148, and Mozilla Thunderbird prior to version 140.8.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 115.33.0< 148.0128.0 – 140.8.0 (bez)
  • Mozilla Thunderbird

    APP
    Mozilla
    < 140.8.0< 148.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...