Description
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: 2026-06-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A denial‑of‑service flaw affects the Audio/Video: Playback component, allowing an attacker to crash or freeze the application when processing malicious media content. The vulnerability is identified by CWE‑400 and CWE‑770 and can disrupt user experience by rendering the browser or email client unusable. The impact is confined to the affected process and does not compromise confidentiality or integrity of data.

Affected Systems

Mozilla Firefox and Mozilla Thunderbird are affected. Versions prior to 152 contain the flaw; the issue was fixed in Firefox 152 and Thunderbird 152.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. EPSS is below 1%, so exploitation is considered unlikely at present. The vulnerability is not listed in CISA KEV. The likely attack vector is the reception or decoding of a specially crafted audio or video file, which may be delivered locally or via a web page or email attachment. No additional requirements beyond having the vulnerable software running are mentioned.

Generated by OpenCVE AI on June 25, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 152 or later.
  • Upgrade Mozilla Thunderbird to version 152 or later.
  • Enable automatic updates for Mozilla Firefox and Thunderbird to receive the fix promptly.

Generated by OpenCVE AI on June 25, 2026 at 13:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:45:00 +0000


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Vendors & Products Mozilla thunderbird

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152. Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
References

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Description Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152.
Title Denial-of-service in the Audio/Video: Playback component
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-16T16:08:41.341Z

Reserved: 2026-06-15T15:08:18.531Z

Link: CVE-2026-12319

cve-icon Vulnrichment

Updated: 2026-06-16T14:44:29.903Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-16T13:16:32.563

Modified: 2026-06-16T20:40:33.720

Link: CVE-2026-12319

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-16T11:52:52Z

Links: CVE-2026-12319 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T13:30:15Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption

  • CWE-770

    Allocation of Resources Without Limits or Throttling