CVE-2026-2447

Опубликовано: 16 фев. 2026

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Heap buffer overflow in libvpx.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	rhel10/firefox-flatpak	Affected
Red Hat Enterprise Linux 6	firefox	Out of support scope
Red Hat Enterprise Linux 6	libvpx	Out of support scope
Red Hat Enterprise Linux 10	firefox	Fixed	RHSA-2026:3361	25.02.2026
Red Hat Enterprise Linux 10	thunderbird	Fixed	RHSA-2026:3517	02.03.2026
Red Hat Enterprise Linux 10	libvpx	Fixed	RHSA-2026:4629	16.03.2026
Red Hat Enterprise Linux 10.0 Extended Update Support	firefox	Fixed	RHSA-2026:3976	09.03.2026
Red Hat Enterprise Linux 10.0 Extended Update Support	thunderbird	Fixed	RHSA-2026:4260	11.03.2026
Red Hat Enterprise Linux 10.0 Extended Update Support	libvpx	Fixed	RHSA-2026:5227	23.03.2026
Red Hat Enterprise Linux 7 Extended Lifecycle Support	firefox	Fixed	RHSA-2026:3984	09.03.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=2440219libvpx: Heap buffer overflow in libvpx

EPSS

Процентиль: 36%

0.00454

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2026-2447

CVSS3: 8.8

ubuntu

4 месяца назад

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

CVE-2026-2447

CVSS3: 8.8

nvd

4 месяца назад

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

CVE-2026-2447

CVSS3: 8.8

debian

4 месяца назад

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefo ...

openSUSE-SU-2026:20253-1

suse-cvrf

4 месяца назад

Security update for MozillaFirefox

SUSE-SU-2026:0692-1

suse-cvrf

4 месяца назад

Security update for MozillaThunderbird

EPSS

Процентиль: 36%

0.00454

Низкий

7.5 High

CVSS3