CVE-2026-2447
EUVD-2026-608116.02.2026, 15:18
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox_esr | 𝑥 < 115.32.1 |
| mozilla | firefox | 𝑥 < 147.0.4 |
| mozilla | firefox_esr | 116.0 ≤ 𝑥 < 140.7.1 |
| mozilla | thunderbird | 𝑥 < 140.7.2 |
| mozilla | thunderbird | 141.0 ≤ 𝑥 < 147.0.2 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||
| firefox-esr |
| ||||||||||||||||
| libvpx |
| ||||||||||||||||
| thunderbird |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MozillaFirefox |
| ||||||||||||||||||||||
| MozillaFirefox-devel |
| ||||||||||||||||||||||
| MozillaFirefox-translations-common |
| ||||||||||||||||||||||
| MozillaFirefox-translations-other |
| ||||||||||||||||||||||
| MozillaThunderbird |
| ||||||||||||||||||||||
| MozillaThunderbird-translations-common |
| ||||||||||||||||||||||
| MozillaThunderbird-translations-other |
|
Red Hat Enterprise Linux Releases