CVE-2026-8946 Incorrect boundary conditions in the Audio/Video: Web Codecs component

🗓️ 19 May 2026 12:29:36Reported by mozillaType

Boundary condition error in the Audio Video Web Codecs component fixed in Firefox 151 and Firefox Extended Support Release 115.36 and 140.11.

Reporter	Title	Published	Views	Family All 222
ATTACKERKB	CVE-2026-8946	19 May 202612:29	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1793)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3340 (ALAS-2026-3340)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-061 (ALASFIREFOX-2026-061)	8 Jun 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2026:21378)	3 Jun 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : firefox (ALSA-2026:21380)	29 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2026:21381)	29 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : firefox (ALSA-2026:21382)	29 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : thunderbird (ALSA-2026:22325)	3 Jun 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : thunderbird (ALSA-2026:22643)	3 Jun 202600:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "115.36",
        "lessThanOrEqual": "115.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "140.11",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "151",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.11",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "151",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2026-46/
mozilla	www.mozilla.org/security/advisories/mfsa2026-50/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2026-47/
mozilla	www.mozilla.org/security/advisories/mfsa2026-48/
mozilla	www.mozilla.org/security/advisories/mfsa2026-51/

19 May 2026 17:10Current

EPSS0.0045