Security Vulnerability Report
中文
CVE-2026-7320 CVSS 7.5 HIGH

CVE-2026-7320

Published: 2026-04-28 15:16:37
Last Modified: 2026-05-01 12:32:06
Source: [email protected]

Description

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* - VULNERABLE
Firefox < 150.0.1
Firefox ESR < 140.10.1
Firefox ESR < 115.35.1
Thunderbird < 150.0.1
Thunderbird < 140.10.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- PoC for CVE-2026-7320 (Conceptual) This PoC demonstrates how a malicious media file could trigger the information disclosure vulnerability in the affected components. --> <html> <head> <title>CVE-2026-7320 PoC</title> </head> <body> <h3>Testing Firefox/Thunderbird A/V Component Info Leak</h3> <!-- In a real-world scenario, the src attribute would point to a specifically crafted media file designed to trigger the incorrect boundary condition in the codec. --> <video id="targetVideo" controls> <source src="exploit_av_boundary.mp4" type="video/mp4"> Your browser does not support the video tag. </video> <script> const video = document.getElementById('targetVideo'); video.onloadedmetadata = function() { console.log("[+] Media loaded, attempting to trigger vulnerability..."); try { // Hypothetical interaction to trigger the read // Simulating the condition where boundary check fails video.play().then(() => { console.log("[+] Playback started, memory reading phase initiated."); // Logic to capture leaked data would go here }).catch(e => { console.log("[-] Playback interrupted: " + e); }); } catch (error) { console.log("[-] Exception caught during exploit attempt: " + error); } }; video.onerror = function() { console.log("[-] Error loading media file."); }; </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7320", "sourceIdentifier": "[email protected]", "published": "2026-04-28T15:16:37.447", "lastModified": "2026-05-01T12:32:05.890", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionEndExcluding": "115.35.1", "matchCriteriaId": "FE4AC4E3-4332-49A9-9FA7-00274A5C32B2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "150.0.1", "matchCriteriaId": "2256A965-6FB9-464D-9A25-F6DA1811686D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionStartIncluding": "128.0", "versionEndExcluding": "140.10.1", "matchCriteriaId": "EDA22B21-647B-4D1F-A591-8D650E59C942"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.10.1", "matchCriteriaId": "1E82C76E-35A0-4513-A8A8-D20DAF8C7F4B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "versionEndExcluding": "150.0.1", "matchCriteriaId": "C52D9F1F-104D-4A17-97C0-E4AA35DEF2AB"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027433", "source": "[email protected]", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-35/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-36/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-37/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-38/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-39/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.