CVE-2026-2774 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 25, 2026
Firefox - Integer Overflow
Published: February 24, 2026Updated: February 25, 2026Remote Exploitable
Overview
Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8 contain an integer overflow in the Audio/Video component, letting attackers potentially cause memory corruption or unexpected behavior, exploit requires crafted input.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause memory corruption or unexpected behavior, potentially leading to crashes or code execution.
Mitigation
Update to Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8 or later versions.
References
- https://www.mozilla.org/security/advisories/mfsa2026-15/
- https://www.mozilla.org/security/advisories/mfsa2026-16/
- https://www.mozilla.org/security/advisories/mfsa2026-17/
- https://bugzilla.mozilla.org/show_bug.cgi?id=2014883
- https://www.mozilla.org/security/advisories/mfsa2026-13/
- https://www.mozilla.org/security/advisories/mfsa2026-14/
Related Resources
Details
- CVE ID
- CVE-2026-2774
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- integer_overflow
- Status
- confirmed
CWE
- CWE-190
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H