CVE-2026-2447 — Heap-based Buffer Overflow in Mozilla Firefox

CWE-122 — Heap-based Buffer Overflow11 documents10 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 96.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Webmproject Libvpx Mozilla Firefox

Timeline

PublishedFeb 16

Latest updateFeb 19

Description

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmozilla/firefox116.0 — 140.7.1+2

▶NVDmozilla/thunderbird141.0 — 147.0.2+1

▶Debianmozilla/thunderbird< 1:140.8.0esr-1+3

▶Debianwebmproject/libvpx< 1.9.0-1+deb11u5+3

🔴Vulnerability Details

OSV

CVE-2026-2447: Heap buffer overflow in libvpx↗2026-02-16

▶

CVEList

Heap buffer overflow in libvpx↗2026-02-16

▶

GHSA

GHSA-c99q-x737-hc5j: Heap buffer overflow in libvpx↗2026-02-16

▶

📋Vendor Advisories

Ubuntu

libvpx vulnerability↗2026-02-19

▶

Red Hat

libvpx: Heap buffer overflow in libvpx↗2026-02-16

▶

Debian

CVE-2026-2447: firefox - Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Fi...↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-10: CVE-2026-2447↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-11: CVE-2026-2447↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-2447 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-2447 libvpx: Heap buffer overflow in libvpx [fedora-all]↗2026-02-17

▶