CVE-2026-7320
Information Disclosure in Firefox Audio/Video Component
Publication date: 2026-04-28
Last updated on: 2026-05-01
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0.1 (exc) |
| mozilla | firefox | to 115.35.1 (exc) |
| mozilla | thunderbird | to 150.0.1 (exc) |
| mozilla | thunderbird | to 140.10.1 (exc) |
| mozilla | firefox | From 128.0 (inc) to 140.10.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7320 is a high-impact information disclosure vulnerability caused by incorrect boundary conditions in the Audio/Video component of Firefox ESR.
This flaw could potentially allow unauthorized access to sensitive information due to improper handling of data boundaries within the multimedia processing modules.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information by exploiting incorrect boundary conditions in the Audio/Video component.
An attacker could potentially access data that should be protected, leading to privacy breaches or exposure of confidential multimedia content.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your Firefox installations to the fixed versions.
- Upgrade Firefox to version 150.0.1 or later.
- Upgrade Firefox ESR to version 140.10.1 or later.
- Upgrade Firefox ESR to version 115.35.1 or later.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves information disclosure due to incorrect boundary conditions in the Audio/Video component of Firefox ESR, potentially allowing unauthorized access to sensitive information.
Such unauthorized disclosure of sensitive information could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.
However, the provided information does not explicitly detail the specific effects on compliance with these standards.