{"id":"CVE-2026-2447","details":"Heap buffer overflow in libvpx. This vulnerability affects Firefox \u003c 147.0.4, Firefox ESR \u003c 140.7.1, Firefox ESR \u003c 115.32.1, Thunderbird \u003c 140.7.2, and Thunderbird \u003c 147.0.2.","modified":"2026-04-16T04:37:16.386445389Z","published":"2026-02-16T15:18:34.740Z","related":["ALSA-2026:3338","ALSA-2026:3339","ALSA-2026:3361","ALSA-2026:3515","ALSA-2026:3516","ALSA-2026:3517","ALSA-2026:3967","ALSA-2026:4447","ALSA-2026:4629","CGA-gp39-6gpm-pmqg","SUSE-SU-2026:0602-1","SUSE-SU-2026:0611-1","SUSE-SU-2026:0692-1","SUSE-SU-2026:20582-1","openSUSE-SU-2026:10212-1","openSUSE-SU-2026:10218-1","openSUSE-SU-2026:10225-1","openSUSE-SU-2026:20253-1","openSUSE-SU-2026:20391-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00028.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-10/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-11/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014390"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.32.1"}]},{"events":[{"introduced":"0"},{"fixed":"147.0.4"}]},{"events":[{"introduced":"116.0"},{"fixed":"140.7.1"}]},{"events":[{"introduced":"0"},{"fixed":"140.7.2"}]},{"events":[{"introduced":"141.0"},{"fixed":"147.0.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2447.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}