CVE-2026-2773 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents9 sources

Severity

9.8CRITICALNVD

EPSS

0.0%

top 92.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Mozilla Firefox

Timeline

PublishedFeb 24

Description

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDmozilla/firefox128.0 — 140.8.0+2

▶NVDmozilla/thunderbird< 140.8.0+1

▶Debianmozilla/thunderbird< 1:140.8.0esr-1~deb11u1+3

🔴Vulnerability Details

GHSA

GHSA-gjwv-rvwj-p62j: Incorrect boundary conditions in the Web Audio component↗2026-02-24

▶

OSV

CVE-2026-2773: Incorrect boundary conditions in the Web Audio component↗2026-02-24

▶

CVEList

Incorrect boundary conditions in the Web Audio component↗2026-02-24

▶

📋Vendor Advisories

Red Hat

firefox: thunderbird: Incorrect boundary conditions in the Web Audio component↗2026-02-24

▶

Debian

CVE-2026-2773: firefox - Incorrect boundary conditions in the Web Audio component. This vulnerability aff...↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-14: CVE-2026-2773↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-13: CVE-2026-2773↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-16: CVE-2026-2773↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-2773 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-2773 firefox: thunderbird: Incorrect boundary conditions in the Web Audio component↗2026-02-24

▶