CVE-2026-2773 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 25, 2026
Firefox - Undefined Vulnerability
Published: February 24, 2026Updated: February 25, 2026Remote Exploitable
Overview
Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8 contain a vulnerability caused by incorrect boundary conditions in the Web Audio component, letting attackers potentially cause unexpected behavior, exploit requires crafted input.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause unexpected behavior or potential crashes, possibly leading to denial of service or other impacts.
Mitigation
Update to Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8 or later versions.
References
- https://www.mozilla.org/security/advisories/mfsa2026-17/
- https://bugzilla.mozilla.org/show_bug.cgi?id=2014832
- https://www.mozilla.org/security/advisories/mfsa2026-13/
- https://www.mozilla.org/security/advisories/mfsa2026-14/
- https://www.mozilla.org/security/advisories/mfsa2026-15/
- https://www.mozilla.org/security/advisories/mfsa2026-16/
Related Resources
Details
- CVE ID
- CVE-2026-2773
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- confirmed
CWE
- NVD-CWE-noinfo
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H