CVE-2026-2447

Опубликовано: 16 фев. 2026

Источник: debian

EPSS Низкий

Описание

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

Пакеты

Пакет	Статус	Версия исправления	Тип
firefox	fixed	147.0.4-1	package
firefox-esr	fixed	140.8.0esr-1	package
libvpx	fixed	1.16.0-3	package
thunderbird	fixed	1:140.8.0esr-1	package

Примечания

https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
Firefox, Firefox ESR and Thunderbird use the system libvpx library
Same issue as CVE-2026-1861/chromium
https://issues.oss-fuzz.com/issues/476466137
https://chromium.googlesource.com/webm/libvpx/+/d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1

EPSS

Процентиль: 36%

0.00454

Низкий

Связанные уязвимости

CVE-2026-2447

CVSS3: 8.8

ubuntu

4 месяца назад

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

CVE-2026-2447

CVSS3: 7.5

redhat

4 месяца назад

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

CVE-2026-2447

CVSS3: 8.8

nvd

4 месяца назад

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

openSUSE-SU-2026:20253-1

suse-cvrf

4 месяца назад

Security update for MozillaFirefox

SUSE-SU-2026:0692-1

suse-cvrf

4 месяца назад

Security update for MozillaThunderbird

EPSS

Процентиль: 36%

0.00454

Низкий