PatchSiren cyber security CVE debrief
CVE-2026-7320 Mozilla CVE debrief
CVE-2026-7320 is a high-severity vulnerability in the Audio/Video component of Firefox and Thunderbird, allowing for information disclosure. The vulnerability was caused by incorrect boundary conditions and was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. The CVE was published on 2026-04-28 and last modified on 2026-06-30. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. The affected products include Firefox, Firefox ESR, and Thunderbird.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-28
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-04-28
- Advisory updated
- 2026-06-30
Who should care
Organizations and individuals using Firefox, Firefox ESR, and Thunderbird should prioritize patching this vulnerability to prevent potential information disclosure. This vulnerability is particularly concerning for organizations that handle sensitive information, as it could be exploited to gain unauthorized access to sensitive data. Additionally, users who handle sensitive information or work in high-risk environments should take extra precautions to ensure their browsers are up-to-date.
Technical summary
The vulnerability is caused by incorrect boundary conditions in the Audio/Video component of Firefox and Thunderbird. This could allow an attacker to exploit the vulnerability and gain access to sensitive information. The vulnerability has a CVSS score of 7.5 and a severity of HIGH, indicating a high level of risk. The affected products include Firefox, Firefox ESR, and Thunderbird. The fixes were released in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
Defensive priority
Patching this vulnerability is of high priority due to its high severity and potential impact on sensitive information. Organizations and individuals should prioritize updating their browsers to the latest versions to prevent potential exploitation.
Recommended defensive actions
- Patch Firefox to version 150.0.1 or later
- Patch Firefox ESR to version 140.10.1 or later
- Patch Firefox ESR to version 115.35.1 or later
- Patch Thunderbird to version 150.0.1 or later
- Patch Thunderbird to version 140.10.1 or later
Evidence notes
The CVE-2026-7320 vulnerability was published on 2026-04-28 and last modified on 2026-06-30. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. The affected products include Firefox, Firefox ESR, and Thunderbird. The fixes were released in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
Official resources
-
CVE-2026-7320 CVE record
CVE.org
-
CVE-2026-7320 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Permissions Required
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.