medium advisory

Mozilla Firefox and Thunderbird Web Codecs Denial-of-Service Vulnerability (CVE-2026-4697)

CVE-2026-4697 is a denial-of-service vulnerability due to incorrect boundary conditions in the Audio/Video Web Codecs component of Mozilla Firefox and Thunderbird, potentially leading to application crashes.

CVE-2026-4697 is a vulnerability affecting Mozilla Firefox and Thunderbird due to incorrect boundary conditions within the Audio/Video: Web Codecs component. This flaw can be exploited by attackers to trigger a denial-of-service condition. The vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird ESR versions prior to 140.9. An attacker could potentially craft malicious web content that triggers the incorrect…

Detection coverage: 2

Detect Firefox/Thunderbird Crash Events

medium

Detects crash events related to Firefox or Thunderbird processes, which could indicate exploitation of CVE-2026-4697.

sigma | tactics: defense_evasion | techniques: T1562.001 | sources: process_creation, windows

Detect Firefox/Thunderbird Crash Module Loading

low

Detects specific modules being loaded by Firefox/Thunderbird during a crash, indicative of exploit attempts related to CVE-2026-4697 (requires image load logging).

sigma | tactics: defense_evasion | techniques: T1562.001 | sources: image_load, windows


Indicators of compromise: 1 (email)