CVE-2026-7320EXPLOITEDPATCHED

mozilla · firefox

Information disclosure due to incorrect boundary conditions in the Audio/Video component

Description

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

Affected Products

Vendor	Product	Versions
mozilla	firefox	150.0.0

References

Related News (2 articles)

Tier D

SecurityWeek2h ago

Chrome 147, Firefox 150 Security Updates Rolling Out

→ No new info (linked only)

Tier C

VulDB19h ago

CVE-2026-7320 | Mozilla Firefox up to 150.0.0 Video information disclosure

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

115.35.1140.10.1150.0.1

CWECWE-200

PublishedApr 28, 2026

Last enriched19h agov2

Trending Score67

Source articles2

Independent2

Info Completeness10/14

Missing: epss, kev, exploit, iocs

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-7324EXP

Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 75

HIGHCVE-2026-7322EXP

Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 59

HIGHCVE-2026-7323

Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 39

CRITICALCVE-2026-7321

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

Trending: 33

CRITICALCVE-2026-6768EXP

Mitigation bypass in the Networking: Cookies component

Trending: 26

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 28, 2026

Discovered by ZDM

Apr 28, 2026

Actively Exploited

Apr 28, 2026

Patch Available

Apr 28, 2026

Updated: affectedVersions, activelyExploited, cweIds, mitreAttack

Apr 28, 2026

Version History

Last enriched 19h ago

v2Tier C19h ago

Added affected version 150.0.0, updated exploit availability to false, marked as actively exploited, and included new CWE and MITRE ATT&CK technique.

affectedVersionsactivelyExploitedcweIdsmitreAttack

via VulDB

v121h ago

Initial creation