CVE-2026-6748

· NIST NVD ↗

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-21
Published

CWE codes

CWE-457

Affected products

mozilla:firefoxmozilla:thunderbird

Sources