PatchSiren

CVE-2026-4693 Mozilla CVE debrief

CVE-2026-4693 is a HIGH severity vulnerability in the Audio/Video: Playback component. The issue involves incorrect boundary conditions. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. The CVE was published on March 24, 2026, and modified on June 30, 2026. The vulnerability has a CVSS score of 7.5 and a CVSS severity of HIGH.

Vendor: Mozilla
Product: Firefox
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-24
Original CVE updated: 2026-06-30
Advisory published: 2026-03-24
Advisory updated: 2026-06-30

Who should care

Organizations and individuals using Firefox, Firefox ESR, and Thunderbird should prioritize patching this vulnerability. Its HIGH severity and the wide range of affected products make it a priority to address. Defenders should also review their inventory of affected products and ensure they are updated to the latest versions.

Technical summary

The vulnerability is caused by incorrect boundary conditions in the Audio/Video: Playback component. It was addressed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, rated HIGH: the attack vector is the network, complexity is low, no privileges or user interaction are required, and the scored impact is on availability (high), with no confidentiality or integrity impact.

Defensive priority

Patching is the primary recommended action for this vulnerability. Defenders should prioritize updating Firefox, Firefox ESR, and Thunderbird to the latest versions to mitigate the risk.

Recommended defensive actions

  • Patch Firefox to version 149 or later
  • Patch Firefox ESR to version 115.34 or later
  • Patch Firefox ESR to version 140.9 or later
  • Patch Thunderbird to version 149 or later
  • Patch Thunderbird to version 140.9 or later
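
The fixed versions above span several release branches, so a single "greater than or equal" comparison is not enough when checking an inventory. The following is an added example, not code from PatchSiren or Mozilla: it assumes version strings of the form `140.8.0esr` or `149.0.1`, treats any build below the listed fix as needing an update (the page does not list affected versions), and uses a constructed inventory.

```python
import re

# Fixed versions exactly as listed on this page, per product.
FIXED = {
    "firefox": ["149", "115.34", "140.9"],
    "thunderbird": ["149", "140.9"],
}

def parse_version(text):
    """Return (major, minor) from strings such as '140.8.0esr' or '149'."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def required_update(product, version):
    """Return None if the build is at or above a listed fix,
    otherwise the nearest listed fixed version to move to."""
    installed = parse_version(version)
    fixes = sorted((parse_version(v), v) for v in FIXED[product.lower()])
    # Same branch as a listed fix: compare the minor version only.
    for (major, minor), label in fixes:
        if installed[0] == major:
            return None if installed[1] >= minor else label
    # Newer than every listed fix: assumed to carry the fix.
    if installed > fixes[-1][0]:
        return None
    # Branch with no listed fix: point at the next listed fixed version.
    return next(label for fix, label in fixes if fix > installed)

def triage(inventory):
    """Map host -> target version for every install that needs an update."""
    out = {}
    for host, product, version in inventory:
        target = required_update(product, version)
        if target is not None:
            out[host] = f"{product} {version} -> {target}"
    return out

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ws-01", "Firefox", "149.0.1"),
    ("ws-02", "Firefox", "115.33.0esr"),
    ("ws-03", "Firefox", "128.5.0esr"),
    ("ws-04", "Thunderbird", "140.8.0esr"),
    ("ws-05", "Thunderbird", "140.9.0esr"),
]

if __name__ == "__main__":
    for host, note in triage(INVENTORY).items():
        print(host, note)
```

A build on a branch with no fix listed here (such as the constructed 128.5.0esr entry) is reported against the next listed fixed version rather than silently passed.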

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. The source item URL provides additional metadata about the CVE. Vendor advisories from Mozilla are available for this vulnerability.

This article is AI-assisted and based on the supplied source corpus.