Integer Overflow Vulnerability in Mozilla Firefox Audio/Video Component
CVE-2026-8954

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8954?

An integer overflow vulnerability exists in the Audio/Video component of Mozilla Firefox, which arises due to incorrect boundary conditions. This flaw can lead to unexpected behavior within the application. Mozilla has addressed this issue in Firefox version 151 and in the Extended Support Release (ESR) version 140.11, ensuring safer media handling capabilities.

Affected Version(s)

Firefox 140.11

Firefox 151

Thunderbird 140.11

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2030747

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-48/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Ameen Basha M K

CVE-2026-8954 Data

JSON