CVE-2026-2447
8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse
Activity log
- Created automatic suggestion
- @jopejoe1 removed 11 packages
  - firefoxpwa
  - faust2firefox
  - firefox_decrypt
  - firefox-gnome-theme
  - firefox-sync-client
  - pkgsRocm.firefoxpwa
  - gnomeExtensions.firefox-profiles
  - roundcubePlugins.thunderbird_labels
  - gnomeExtensions.firefox-pip-always-on-top
  - gnomeExtensions.pip-alwaysontop-for-firefox
  - vscode-extensions.firefox-devtools.vscode-firefox-debug
- @LeSuisse removed 17 packages
  - thunderbirdPackages.thunderbird-128
  - pkgsRocm.firefox
  - pkgsRocm.thunderbird
  - pkgsRocm.firefox-beta
  - pkgsRocm.thunderbird-unwrapped
  - firefox-devedition-unwrapped
  - pkgsRocm.firefox-devedition
  - pkgsRocm.firefox-unwrapped
  - pkgsRocm.thunderbird-latest
  - pkgsRocm.thunderbird-latest-unwrapped
  - pkgsRocm.firefox-devedition-unwrapped
  - pkgsRocm.thunderbirdPackages.thunderbird
  - pkgsRocm.thunderbirdPackages.thunderbird-latest
  - thunderbird-128-unwrapped
  - pkgsRocm.firefox-mobile
  - pkgsRocm.firefox-beta-unwrapped
  - firefox-beta-unwrapped
- @LeSuisse removed 4 maintainers
  - @nbp
  - @vcunat
  - @mweinelt
  - @lovesegfault
- @LeSuisse accepted
- @LeSuisse published on GitHub
Heap buffer overflow in libvpx
Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=2014390
- https://www.mozilla.org/security/advisories/mfsa2026-10/
- https://www.mozilla.org/security/advisories/mfsa2026-11/
Affected products
Firefox
- <147.0.4
Firefox ESR
- <140.7.1
- <115.32.1
Thunderbird
- <147.0.2
- <140.7.2
Matching in nixpkgs
pkgs.firefox-unwrapped
Web browser built from Firefox source tree
pkgs.firefox-esr-unwrapped
Web browser built from Firefox source tree
- nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.7.0esr
- nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr
pkgs.thunderbird-unwrapped
Full-featured e-mail client
pkgs.firefox-esr-140-unwrapped
Web browser built from Firefox source tree
- nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.7.0esr
- nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr
pkgs.thunderbird-140-unwrapped
Full-featured e-mail client
- nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.7.0esr
- nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr
pkgs.thunderbird-esr-unwrapped
Full-featured e-mail client
- nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.7.0esr
- nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr
pkgs.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird-140
Full-featured e-mail client
- nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.7.0esr
- nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr
pkgs.thunderbirdPackages.thunderbird-esr
Full-featured e-mail client
- nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.7.0esr
- nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr
Package maintainers
Ignored maintainers (4)
- @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
- @lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
- @nbp Nicolas B. Pierron <nixos@nbp.name>
- @vcunat Vladimír Čunát <v@cunat.cz>