Boundary Condition Flaw in Firefox Audio/Video Playback Component
CVE-2026-8091

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-8091?

A boundary condition vulnerability in Firefox’s audio/video playback component can lead to unexpected behavior during playback. This may allow attackers to exploit the flaw, potentially impacting the integrity of audio/video output. Mozilla has introduced fixes in the Firefox ESR 140.10.2 and 115.35.2 releases to mitigate this issue, underscoring the need for users to update to the latest versions for enhanced security.

Affected Version(s)

Thunderbird 150

Firefox 115.35.2

Firefox 140.10.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2029301

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://www.mozilla.org/security/advisories/mfsa2026-33/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
May 7, 2026

Credit

The Mozilla Fuzzing Team

CVE-2026-8091 Data

JSON