CVE-2026-8968
Denial-of-Service in Firefox Due to Invalid Pointer in Web Codecs
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 151.0.0 (exc) |
| mozilla | firefox | to 140.11.0 (exc) |
| mozilla | thunderbird | to 140.11 (exc) |
| mozilla | thunderbird | to 151.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service issue caused by an invalid pointer in the Audio/Video: Web Codecs component of Mozilla Firefox.
It means that due to improper handling of pointers in this component, an attacker could cause the application to crash or become unresponsive.
The issue was fixed in Firefox version 151 and Firefox ESR 140.11.
How can this vulnerability impact me? :
This vulnerability can impact you by causing denial-of-service conditions in Firefox.
An attacker could exploit the invalid pointer issue to crash the browser or make it unresponsive, disrupting your ability to use it.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 151 or later, or Firefox ESR to version 140.11 or later, where the issue has been fixed.