Skip to content
Threat Feed
high advisory

Mozilla Firefox Audio/Video Boundary Condition Vulnerability (CVE-2026-4714)

CVE-2026-4714 is a high-severity vulnerability affecting Firefox, Firefox ESR, and Thunderbird due to incorrect boundary conditions in the Audio/Video component, potentially leading to denial-of-service.

CVE-2026-4714 describes a vulnerability found in the Audio/Video component of Mozilla Firefox, Firefox ESR, and Thunderbird. This flaw stems from incorrect boundary conditions, which could be exploited by attackers to cause a denial-of-service. The vulnerability impacts Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird versions prior to 140.9. This vulnerability was published on 2026-03-24 and assigned a CVSS v3.1 base score of 7.5, indicating a high severity. Successful exploitation could lead to service disruption for users of the affected software. Defenders should prioritize patching affected systems to mitigate this risk.

Attack Chain

  1. An attacker crafts a malicious audio or video file or network stream.
  2. The attacker hosts the malicious content on a website or sends it via email.
  3. A user opens the attacker-controlled webpage in a vulnerable version of Firefox, or opens the malicious attachment in Thunderbird.
  4. The browser or email client attempts to process the malicious audio or video data.
  5. Due to incorrect boundary conditions in the Audio/Video component, a buffer overflow or similar memory corruption error occurs.
  6. The application crashes due to the memory corruption, resulting in a denial-of-service condition.
  7. (Hypothetical) In a more severe exploitation scenario, the attacker could potentially achieve remote code execution, although this is not explicitly stated in the advisory.

Impact

Successful exploitation of CVE-2026-4714 can lead to a denial-of-service condition, causing the affected Firefox, Firefox ESR, or Thunderbird application to crash. While the vulnerability has a high CVSS score, the primary impact is service disruption. A widespread, successful attack against organizations relying on these applications could impact productivity and user experience. The NVD lists this vulnerability as affecting Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Recommendation

  • Immediately update Firefox to version 149 or later to patch CVE-2026-4714.
  • Immediately update Firefox ESR to version 140.9 or later to patch CVE-2026-4714.
  • Immediately update Thunderbird to version 149 or later to patch CVE-2026-4714.
  • Deploy the Sigma rule "Detect Firefox/Thunderbird Crashes" to identify potential exploitation attempts in your environment, monitoring the process_creation log source for crashes.

Detection coverage 2

Detect Firefox/Thunderbird Crashes

medium

Detects crashes of Firefox or Thunderbird processes, which could be indicative of CVE-2026-4714 exploitation attempts.

sigma tactics: availability techniques: T1499.004 sources: process_creation, windows

Detect Firefox Audio/Video Process Creation

low

Detects the creation of a new process by firefox that handles audio or video encoding/decoding which may be a sign of exploitation of a vulnerability

sigma tactics: execution sources: process_creation, windows

Detection queries are available on the platform. Get full rules →