CVE-2026-8091

Summary

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox115.35.2 <= 115.*unaffected
MozillaFirefox140.10.1 <= 140.*unaffected
MozillaFirefox150 <= *unaffected
MozillaThunderbird140.10.1 <= 140.*unaffected
MozillaThunderbird150 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component

Additional References

References