CVE-2026-2757
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox
CVSS
9.8
Critical
EPSS
0.5%
p39
KEV
—
Exploit Today
12
0-100
Published: Feb 24, 2026 · Last modified: Jul 15, 2026 · CWE-1384
0.5%EPSS · 30 days0.5%
2026-06-302026-07-17
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- bugzilla.mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=2001637
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-13/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-14/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-15/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-16/
- www.mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2026-17/
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3338
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3339
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3361
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3491
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3492
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3493
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3494
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3495
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3496
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3497
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3515
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3516
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3517
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3976
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-276010.0 CRI31.8%
——10Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.3dCVE-2026-27599.8 CRI31.8%
——10Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.3d