Information Disclosure in Firefox Audio/Video Component
CVE-2026-7320

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-7320?

An information disclosure vulnerability exists in the Audio/Video component of Firefox due to incorrect boundary conditions. This flaw can potentially allow unauthorized access to sensitive information. Mozilla has addressed this issue in the following updates: Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. Users are encouraged to update their software to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Firefox 115.35.1

Firefox 140.10.1

Firefox 150.0.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2027433

https://www.mozilla.org/security/advisories/mfsa2026-35/

https://www.mozilla.org/security/advisories/mfsa2026-36/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 28, 2026

Credit

Xuehao Guo

CVE-2026-7320 Data

JSON