PatchSiren cyber security CVE debrief
CVE-2026-4693 Mozilla CVE debrief
CVE-2026-4693 is a HIGH severity vulnerability in the Audio/Video: Playback component. The issue involves incorrect boundary conditions. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. The CVE was published on March 24, 2026, and modified on June 30, 2026. The vulnerability has a CVSS score of 7.5 and a CVSS severity of HIGH.
- Vendor: Mozilla
- Product: Firefox
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-24
- Original CVE updated: 2026-06-30
- Advisory published: 2026-03-24
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Firefox, Firefox ESR, or Thunderbird should prioritize patching this vulnerability. Its HIGH severity and the wide range of affected products make it a priority to address. Defenders should also review their inventory of affected products and ensure they are updated to the latest versions.
Technical summary
The vulnerability is caused by incorrect boundary conditions in the Audio/Video: Playback component. It was addressed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. That vector describes a network attack vector, low attack complexity, no privileges or user interaction required, and a high availability impact with no confidentiality or integrity impact, which gives the HIGH severity rating.
Defensive priority
Patching is the primary recommended action for this vulnerability. Defenders should prioritize updating Firefox, Firefox ESR, and Thunderbird to the latest versions to mitigate the risk.
Recommended defensive actions
- Patch Firefox to version 149 or later
- Patch Firefox ESR to version 115.34 or later
- Patch Firefox ESR to version 140.9 or later
- Patch Thunderbird to version 149 or later
- Patch Thunderbird to version 140.9 or later
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. The source item URL provides additional metadata about the CVE. Vendor advisories from Mozilla are available for this vulnerability.
Official resources
- CVE-2026-4693 CVE record (CVE.org)
- CVE-2026-4693 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: [email protected] - Permissions Required
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference
- Source reference
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.