PT-2026-35734 · Mozilla+1 · Thunderbird+2

Xuehao Guo

Published

2026-04-28

Updated

2026-05-26

CVE-2026-7320

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.1 Firefox ESR versions prior to 140.10.1 Firefox ESR versions prior to 115.35.1 Thunderbird versions prior to 150.0.1 Thunderbird versions prior to 140.10.1

Description Incorrect boundary conditions in the Audio/Video component lead to information disclosure.

Recommendations Update to version 150.0.1 Update to version 140.10.1 Update to version 115.35.1 Update to version 150.0.1 Update to version 140.10.1

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2026:19153

ALSA-2026:19157

ALSA-2026:19348

ALSA-2026:19370

ALSA-2026:19588

ALSA-2026:20586

BDU:2026-07459

CVE-2026-7320

OESA-2026-2132

OESA-2026-2133

OESA-2026-2134

OESA-2026-2246

OESA-2026-2275

OPENSUSE-SU-2026:10661-1

OPENSUSE-SU-2026:10668-1

OPENSUSE-SU-2026:10687-1

RHSA-2026:19153

RHSA-2026:19157

RHSA-2026:19348

RHSA-2026:19370

RHSA-2026:19588

RHSA-2026:20586

RHSA-2026:21743

RHSA-2026:22324

RHSA-2026:22408

RHSA-2026:22409

RHSA-2026:22410

RHSA-2026:22708

RHSA-2026:22712

RHSA-2026:22847

Affected Products

Firefox

Rocky Linux

Thunderbird

PT-2026-35734 · Mozilla+1 · Thunderbird+2

CVE-2026-7320

Weakness Enumeration

Related Identifiers

Affected Products

References · 132