9.8

CVE-2026-2773

Incorrect boundary conditions in the Web Audio component

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 115.33.0
MozillaFirefox SwEdition- Version < 148.0
MozillaFirefox SwEditionesr Version >= 128.0 < 140.8.0
MozillaThunderbird SwEditionesr Version < 140.8.0
MozillaThunderbird SwEdition- Version < 148.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.442
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.mozilla.org/security/advisories/mfsa2026-13/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-14/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-15/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=2014832
Issue Tracking
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-16/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-17/
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3338
https://access.redhat.com/errata/RHSA-2026:3339
https://access.redhat.com/errata/RHSA-2026:3361
https://access.redhat.com/errata/RHSA-2026:3491
https://access.redhat.com/errata/RHSA-2026:3492
https://access.redhat.com/errata/RHSA-2026:3493
https://access.redhat.com/errata/RHSA-2026:3494
https://access.redhat.com/errata/RHSA-2026:3495
https://access.redhat.com/errata/RHSA-2026:3496
https://access.redhat.com/errata/RHSA-2026:3497
https://access.redhat.com/errata/RHSA-2026:3515
https://access.redhat.com/errata/RHSA-2026:3516
https://access.redhat.com/errata/RHSA-2026:3517
https://access.redhat.com/errata/RHSA-2026:3976
https://access.redhat.com/errata/RHSA-2026:3978
https://access.redhat.com/errata/RHSA-2026:3979
https://access.redhat.com/errata/RHSA-2026:3980
https://access.redhat.com/errata/RHSA-2026:3981
https://access.redhat.com/errata/RHSA-2026:3982
https://access.redhat.com/errata/RHSA-2026:3983
https://access.redhat.com/errata/RHSA-2026:3984
https://access.redhat.com/errata/RHSA-2026:4022
https://access.redhat.com/errata/RHSA-2026:4152
https://access.redhat.com/errata/RHSA-2026:4260
https://access.redhat.com/errata/RHSA-2026:4432
https://access.redhat.com/security/cve/CVE-2026-2773
https://bugzilla.redhat.com/show_bug.cgi?id=2442319
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2773.json