CVE-2026-7320 — Vulnetix

CVE-2026-7320 PUBLISHED CVSS 8.699999809265137 HIGH

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

EPSS 0.05% · 17.1th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.05%

17.1th percentile

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	115.35.1, 140.10.1, 150.0.1

Timeline

CVE Published
Apr 29, 2026 EPSS Score
Apr 30, 2026 Security Advisory
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 19, 2026 Distribution Patch
May 19, 2026 Security Advisory
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score
May 23, 2026 Distribution Patch

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2027433 url
https://www.mozilla.org/security/advisories/mfsa2026-35/ url
https://www.mozilla.org/security/advisories/mfsa2026-36/ url
https://www.mozilla.org/security/advisories/mfsa2026-37/ url

Open in Interactive Console →