CVE-2026-2447

Опубликовано: 16 фев. 2026

Источник: debian

EPSS Низкий

Описание

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

Пакеты

Пакет	Статус	Версия исправления	Тип
firefox	fixed	147.0.4-1	package
firefox-esr	fixed	140.8.0esr-1	package
libvpx	fixed	1.16.0-3	package
thunderbird	fixed	1:140.8.0esr-1	package

Примечания

https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
Firefox, Firefox ESR and Thunderbird use the system libvpx library
Same issue as CVE-2026-1861/chromium
https://issues.oss-fuzz.com/issues/476466137
https://chromium.googlesource.com/webm/libvpx/+/d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1

EPSS

Процентиль: 4%

0.00017

Низкий

Связанные уязвимости

CVE-2026-2447

CVSS3: 8.8

ubuntu

около 1 месяца назад

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

CVE-2026-2447

CVSS3: 7.5

redhat

около 1 месяца назад

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

CVE-2026-2447

CVSS3: 8.8

nvd

около 1 месяца назад

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

openSUSE-SU-2026:20253-1

suse-cvrf

около 1 месяца назад

Security update for MozillaFirefox

SUSE-SU-2026:0692-1

suse-cvrf

26 дней назад

Security update for MozillaThunderbird

EPSS

Процентиль: 4%

0.00017

Низкий