Home

Description

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

PUBLISHED Reserved 2026-02-13 | Published 2026-02-16 | Updated 2026-07-15 | Assigner mozilla

Product status

115.32.1 (rpm)
unaffected

140.7.1 (rpm)
unaffected

147.0.4 (rpm)
unaffected

140.7.2 (rpm)
unaffected

147.0.2 (rpm)
unaffected

Credits

jayjayjazz

References

lists.debian.org/debian-lts-announce/2026/02/msg00028.html

access.redhat.com/security/cve/CVE-2026-2447 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2440219 (RHBZ#2440219) issue-tracking

security.access.redhat.com/...v2/vex/2026/cve-2026-2447.json

access.redhat.com/errata/RHSA-2026:3984 vendor-advisory

access.redhat.com/errata/RHSA-2026:5320 vendor-advisory

access.redhat.com/errata/RHSA-2026:3976 vendor-advisory

access.redhat.com/errata/RHSA-2026:5227 vendor-advisory

access.redhat.com/errata/RHSA-2026:4260 vendor-advisory

access.redhat.com/errata/RHSA-2026:3361 vendor-advisory

access.redhat.com/errata/RHSA-2026:4629 vendor-advisory

access.redhat.com/errata/RHSA-2026:3517 vendor-advisory

access.redhat.com/errata/RHSA-2026:3338 vendor-advisory

access.redhat.com/errata/RHSA-2026:3967 vendor-advisory

access.redhat.com/errata/RHSA-2026:3515 vendor-advisory

access.redhat.com/errata/RHSA-2026:3492 vendor-advisory

access.redhat.com/errata/RHSA-2026:5228 vendor-advisory

access.redhat.com/errata/RHSA-2026:4432 vendor-advisory

access.redhat.com/errata/RHSA-2026:3491 vendor-advisory

access.redhat.com/errata/RHSA-2026:5323 vendor-advisory

access.redhat.com/errata/RHSA-2026:3980 vendor-advisory

access.redhat.com/errata/RHSA-2026:3495 vendor-advisory

access.redhat.com/errata/RHSA-2026:5229 vendor-advisory

access.redhat.com/errata/RHSA-2026:3979 vendor-advisory

access.redhat.com/errata/RHSA-2026:3494 vendor-advisory

access.redhat.com/errata/RHSA-2026:5230 vendor-advisory

access.redhat.com/errata/RHSA-2026:4022 vendor-advisory

access.redhat.com/errata/RHSA-2026:3493 vendor-advisory

access.redhat.com/errata/RHSA-2026:5326 vendor-advisory

access.redhat.com/errata/RHSA-2026:3983 vendor-advisory

access.redhat.com/errata/RHSA-2026:4152 vendor-advisory

access.redhat.com/errata/RHSA-2026:5319 vendor-advisory

access.redhat.com/errata/RHSA-2026:3978 vendor-advisory

access.redhat.com/errata/RHSA-2026:3496 vendor-advisory

access.redhat.com/errata/RHSA-2026:5324 vendor-advisory

access.redhat.com/errata/RHSA-2026:3981 vendor-advisory

access.redhat.com/errata/RHSA-2026:3497 vendor-advisory

access.redhat.com/errata/RHSA-2026:5231 vendor-advisory

access.redhat.com/errata/RHSA-2026:3982 vendor-advisory

access.redhat.com/errata/RHSA-2026:3339 vendor-advisory

access.redhat.com/errata/RHSA-2026:4447 vendor-advisory

access.redhat.com/errata/RHSA-2026:3516 vendor-advisory

access.redhat.com/errata/RHSA-2026:8748 vendor-advisory

access.redhat.com/errata/RHSA-2026:8746 vendor-advisory

access.redhat.com/errata/RHSA-2026:8747 vendor-advisory

access.redhat.com/errata/RHSA-2026:16174 vendor-advisory

bugzilla.mozilla.org/show_bug.cgi?id=2014390

www.mozilla.org/security/advisories/mfsa2026-10/

www.mozilla.org/security/advisories/mfsa2026-11/

cve.org (CVE-2026-2447)

nvd.nist.gov (CVE-2026-2447)

Download JSON