Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
The vulnerability results from undefined behavior in the component responsible for WebRTC signaling. Undefined behavior means that the program code performs operations whose effects are not specified by the language specification, which can lead to unpredictable results — including memory corruption or execution of unintended code. The attack vector is network-based, requires no user interaction or possession of any privileges, making this vulnerability particularly dangerous.
An attacker could potentially gain full control over the confidentiality, integrity, and availability of the system — corresponding to scores C:H/I:H/A:H in the CVSS vector. Exploitation can be conducted remotely without authentication.
Software must be immediately updated to the following versions: Firefox 149, Firefox ESR 140.9, Thunderbird 149, or Thunderbird 140.9, in which the vulnerability has been fixed. Updates are available from the vendor in accordance with references (mfsa2026-20, mfsa2026-22, mfsa2026-23, mfsa2026-24).
Mozilla Firefox versions prior to 149, Mozilla Firefox ESR versions prior to 140.9, Mozilla Thunderbird versions prior to 149, and Mozilla Thunderbird ESR versions prior to 140.9.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla< 140.9.0< 149.0
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...