PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-7320 Mozilla CVE debrief

CVE-2026-7320 is a high-severity vulnerability in the Audio/Video component of Firefox and Thunderbird, allowing for information disclosure. The vulnerability was caused by incorrect boundary conditions and was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. The CVE was published on 2026-04-28 and last modified on 2026-06-30. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. The affected products include Firefox, Firefox ESR, and Thunderbird.

Vendor: Mozilla
Product: Firefox
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-28
Original CVE updated: 2026-06-30
Advisory published: 2026-04-28
Advisory updated: 2026-06-30

Who should care

Organizations and individuals using Firefox, Firefox ESR, or Thunderbird should prioritize patching this vulnerability to prevent potential information disclosure. It is particularly concerning for organizations that handle sensitive information, as it could be exploited to gain unauthorized access to sensitive data. Users who handle sensitive information or work in high-risk environments should take extra precautions to ensure their browsers are up to date.

Technical summary

The vulnerability is caused by incorrect boundary conditions in the Audio/Video component of Firefox and Thunderbird. An attacker who exploits it could gain access to sensitive information. The vulnerability has a CVSS score of 7.5 and a severity of HIGH, indicating a high level of risk. The affected products include Firefox, Firefox ESR, and Thunderbird. The fixes were released in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Defensive priority

Patching this vulnerability is of high priority due to its high severity and potential impact on sensitive information. Organizations and individuals should prioritize updating their browsers to the latest versions to prevent potential exploitation.

Recommended defensive actions

  • Patch Firefox to version 150.0.1 or later
  • Patch Firefox ESR to version 140.10.1 or later
  • Patch Firefox ESR to version 115.35.1 or later
  • Patch Thunderbird to version 150.0.1 or later
  • Patch Thunderbird to version 140.10.1 or later
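
The Firefox ESR and Thunderbird fixes above are per release branch, so a single "at least 115.35.1" comparison would wrongly pass an unpatched 140.x build. The added example below (not PatchSiren or Mozilla code) checks a constructed inventory against the fixed versions listed on this page; the product keys, the inventory, and the handling of branches with no listed fix are assumptions.

```python
# Added example: per-branch patch check for CVE-2026-7320.
# Fixed versions come from this page; product keys are assumed labels.
FIXED = {
    "firefox": ["150.0.1"],
    "firefox-esr": ["140.10.1", "115.35.1"],
    "thunderbird": ["150.0.1", "140.10.1"],
}

def parse(version):
    """'140.10.1esr' -> (140, 10, 1); missing parts count as 0."""
    digits = version.lower().removesuffix("esr")
    parts = [int(p) for p in digits.split(".")]  # ValueError on e.g. '150.0b1'
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Return 'patched', 'vulnerable', 'no-fix-on-branch' or 'unknown'."""
    fixes = [parse(v) for v in FIXED.get(product, [])]
    if not fixes:
        return "unknown"                      # product not covered by this page
    try:
        installed = parse(version)
    except ValueError:
        return "unknown"                      # pre-release or malformed string
    for fix in fixes:
        if installed[0] == fix[0]:            # same release branch (major number)
            return "patched" if installed >= fix else "vulnerable"
    if installed[0] > max(f[0] for f in fixes):
        return "patched"                      # assumption: later branches carry the fix
    return "no-fix-on-branch"                 # assumption: treat as needing an upgrade

def needs_action(inventory):
    """Return (host, product, version, status) for every entry not patched."""
    return [(h, p, v, s) for h, p, v in inventory
            if (s := status(p, v)) != "patched"]

# Constructed inventory for illustration only.
INVENTORY = [
    ("ws-01", "firefox", "150.0.1"),
    ("ws-02", "firefox-esr", "140.9.0esr"),
    ("ws-03", "firefox-esr", "115.35.1esr"),
    ("ws-04", "thunderbird", "140.10.0"),
    ("ws-05", "firefox-esr", "128.5.0esr"),
]

if __name__ == "__main__":
    for host, product, version, state in needs_action(INVENTORY):
        print(f"{host}: {product} {version} -> {state}")
```

Entries reported as "unknown" or "no-fix-on-branch" need manual review rather than being counted as safe.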

Evidence notes

The CVE-2026-7320 vulnerability was published on 2026-04-28 and last modified on 2026-06-30. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. The affected products include Firefox, Firefox ESR, and Thunderbird. The fixes were released in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

This article was generated with AI assistance based on the supplied source corpus.