PatchSiren cyber security CVE debrief
CVE-2026-2772 Mozilla CVE debrief
CVE-2026-2772 is a critical use-after-free vulnerability in the Audio/Video: Playback component of Firefox. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The vulnerability has a CVSS score of 9.8 and is considered critical. The CVE record was published on February 24, 2026, and last modified on June 30, 2026.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-24
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-02-24
- Advisory updated
- 2026-06-30
Who should care
Organizations and individuals using Firefox, Firefox ESR, Thunderbird, or other affected products should prioritize patching this vulnerability. The vulnerability's critical severity and high CVSS score indicate a significant risk of exploitation. Users of Red Hat products may also be affected, as indicated by multiple Red Hat errata references.
Technical summary
The CVE-2026-2772 vulnerability is a use-after-free issue in the Audio/Video: Playback component of Firefox. This type of vulnerability occurs when a program attempts to access memory after it has been freed or deleted. An attacker could potentially exploit this vulnerability to execute arbitrary code or cause a denial-of-service condition. The vulnerability affects multiple products, including Firefox, Firefox ESR, and Thunderbird. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability.
Defensive priority
Patching this vulnerability is a high priority due to its critical severity and high CVSS score. Organizations should prioritize applying the patches for Firefox, Firefox ESR, Thunderbird, and other affected products as soon as possible.
Recommended defensive actions
- Apply patches for Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- Ensure all users and systems are updated to the patched versions.
- Review and update Red Hat systems according to the provided errata references.
- Monitor for any signs of exploitation or suspicious activity.
- Consider implementing additional security measures, such as enhanced monitoring and incident response planning.
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. Multiple vendor advisories and issue tracking references are available, indicating a comprehensive response to the vulnerability. Red Hat has also provided errata references for affected systems.
Official resources
-
CVE-2026-2772 CVE record
CVE.org
-
CVE-2026-2772 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Issue Tracking, Permissions Required
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.