CVE-2026-2772

CRITICAL

Firefox < 115.33.0, < 148.0 and Thunderbird < 140.8.0, < 148.0 - Use-After-Free in Audio/Video Playback

Title source: llm
STIX 2.1

Description

Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

References (34)

Core 34
Core References

Scores

CVSS v3 9.8
EPSS 0.0047
EPSS Percentile 37.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (9)
mozilla/firefox < 115.33.0
mozilla/firefox < 148.0
Mozilla/Firefox 115.33 - 115.*
Mozilla/Firefox 140.8 - 140.*
Mozilla/Firefox 148
mozilla/thunderbird < 140.8.0
mozilla/thunderbird < 148.0
Mozilla/Thunderbird 140.8 - 140.*
Mozilla/Thunderbird 148
Published Feb 24, 2026
Tracked Since Feb 24, 2026