Description
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
Product status
140.7.1 (rpm)
147.0.4 (rpm)
147.0.2 (rpm)
Credits
jayjayjazz
References
lists.debian.org/debian-lts-announce/2026/02/msg00028.html
access.redhat.com/security/cve/CVE-2026-2447
bugzilla.redhat.com/show_bug.cgi?id=2440219 (RHBZ#2440219)
security.access.redhat.com/...v2/vex/2026/cve-2026-2447.json
access.redhat.com/errata/RHSA-2026:3984
access.redhat.com/errata/RHSA-2026:5320
access.redhat.com/errata/RHSA-2026:3976
access.redhat.com/errata/RHSA-2026:5227
access.redhat.com/errata/RHSA-2026:4260
access.redhat.com/errata/RHSA-2026:3361
access.redhat.com/errata/RHSA-2026:4629
access.redhat.com/errata/RHSA-2026:3517
access.redhat.com/errata/RHSA-2026:3338
access.redhat.com/errata/RHSA-2026:3967
access.redhat.com/errata/RHSA-2026:3515
access.redhat.com/errata/RHSA-2026:3492
access.redhat.com/errata/RHSA-2026:5228
access.redhat.com/errata/RHSA-2026:4432
access.redhat.com/errata/RHSA-2026:3491
access.redhat.com/errata/RHSA-2026:5323
access.redhat.com/errata/RHSA-2026:3980
access.redhat.com/errata/RHSA-2026:3495
access.redhat.com/errata/RHSA-2026:5229
access.redhat.com/errata/RHSA-2026:3979
access.redhat.com/errata/RHSA-2026:3494
access.redhat.com/errata/RHSA-2026:5230
access.redhat.com/errata/RHSA-2026:4022
access.redhat.com/errata/RHSA-2026:3493
access.redhat.com/errata/RHSA-2026:5326
access.redhat.com/errata/RHSA-2026:3983
access.redhat.com/errata/RHSA-2026:4152
access.redhat.com/errata/RHSA-2026:5319
access.redhat.com/errata/RHSA-2026:3978
access.redhat.com/errata/RHSA-2026:3496
access.redhat.com/errata/RHSA-2026:5324
access.redhat.com/errata/RHSA-2026:3981
access.redhat.com/errata/RHSA-2026:3497
access.redhat.com/errata/RHSA-2026:5231
access.redhat.com/errata/RHSA-2026:3982
access.redhat.com/errata/RHSA-2026:3339
access.redhat.com/errata/RHSA-2026:4447
access.redhat.com/errata/RHSA-2026:3516
access.redhat.com/errata/RHSA-2026:8748
access.redhat.com/errata/RHSA-2026:8746
access.redhat.com/errata/RHSA-2026:8747
access.redhat.com/errata/RHSA-2026:16174
bugzilla.mozilla.org/show_bug.cgi?id=2014390
www.mozilla.org/security/advisories/mfsa2026-10/
www.mozilla.org/security/advisories/mfsa2026-11/