{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4697", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-03-23T23:21:57.119Z", "datePublished": "2026-03-24T12:30:27.383Z", "dateUpdated": "2026-05-07T14:52:47.420Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.9", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "149", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.9", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "149", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."}]}], "title": "Incorrect boundary conditions in the Audio/Video: Web Codecs component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"}], "credits": [{"lang": "en", "value": "Lorenzo"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T13:49:06.974Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-754", "lang": "en", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T12:57:57.923200Z", "id": "CVE-2026-4697", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-07T14:52:47.420Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4697", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T12:57:57.923200Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T12:58:18.740Z"}}], "cna": {"title": "Incorrect boundary conditions in the Audio/Video: Web Codecs component", "credits": [{"lang": "en", "value": "Lorenzo"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "140.9", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "149", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "140.9", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "149", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"}], "descriptions": [{"lang": "en", "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "supportingMedia": [{"type": "text/html", "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T13:49:06.974Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4697", "state": "PUBLISHED", "dateUpdated": "2026-05-07T14:52:47.420Z", "dateReserved": "2026-03-23T23:21:57.119Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2026-03-24T12:30:27.383Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "DA62D95E-CB01-4586-83DB-5094116FC939", "versionEndExcluding": "140.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "02F2B82F-E997-4D5F-BBB0-237E4962555B", "versionEndExcluding": "149.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."}, {"lang": "es", "value": "Condiciones de contorno incorrectas en el componente Audio/Video: Web Codecs. Esta vulnerabilidad afecta a Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, y Thunderbird < 140.9."}], "id": "CVE-2026-4697", "lastModified": "2026-04-13T15:17:38.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-24T13:16:05.687", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component", "id": "2450729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450729"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:\nIncorrect boundary conditions in the Audio/Video: Web Codecs component"], "name": "CVE-2026-4697", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-24T12:30:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4697\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4697\nhttps://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2026-4697\nhttps://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2026-4697"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,149)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Firefox", "source": "cna", "vendor": "Mozilla"}, "product": "firefox", "vendor": "mozilla"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,140.9)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Firefox ESR", "source": "cna", "vendor": "Mozilla"}, "product": "firefox_esr", "vendor": "mozilla"}], "analysis": {"en": {"generated_at": "2026-04-13T16:53:33.014335+00:00", "value": {"mitigation_remediation": ["Apply the latest Firefox update (version\u202f149 or newer) or the ESR\u202f140.9 release.", "Apply the latest Thunderbird update (version\u202f149 or newer) or the 140.9 release."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Mozilla Firefox before version\u202f149, as well as the Firefox ESR 140.9 baseline. It also impacts Mozilla Thunderbird before version\u202f149 and the Thunderbird ESR 140.9 release. The issue is present in the standard builds of these products and does not affect other browsers or platforms.", "description_and_impact": "The flaw arises from incorrect handling of buffer boundaries in the Web Codecs component. When a crafted audio or video stream is parsed, the component may read or write outside its allocated memory area. This can corrupt stack or heap data and typically results in a crash, causing a denial of service. The weakness is captured by CWE\u2011754 (Incorrect Boundary Checks) and CWE\u2011787 (Out\u2011of\u2011Bounds Write).", "risk_and_exploitability": "The CVSS base score is 7.5, placing the issue in the high\u2011severity range. The EPSS score is less than\u202f1\u202f%, indicating a low probability of exploitation in the near term, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need to deliver a malicious web page that uses the Web Codecs API to trigger the error. While the out\u2011of\u2011bounds access could lead to memory corruption, there is no evidence of a public exploit that escalates to remote code execution, and the current risk is mainly a silent crash of the affected application."}}}}, "created": "2026-03-25T11:48:11.721334+00:00", "updated": "2026-04-14T16:43:32.341594+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr"]}