Description
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.
Published: 2026-03-10
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap buffer overflow that can lead to memory corruption and potentially arbitrary code execution on Android devices running older Firefox versions
Action: Immediate Patch
AI Analysis

Impact

Firefox for Android contains a heap buffer overflow in the Audio/Video: Playback component. If an attacker can supply crafted audio or video data, the overflow can corrupt the heap, potentially leading to a crash, denial‑of‑service, or execution of arbitrary code. The vulnerability is a classic memory corruption flaw (CWE‑122) that threatens the confidentiality or integrity of data in the affected process.

Affected Systems

All Android installations of Mozilla Firefox that are older than version 148.0.2 are affected. The vulnerability was fixed in that release, so any device running Firefox 148.0.2 or newer is no longer susceptible.

Risk and Exploitability

The CVSS score of 8.8 classifies this issue as high severity. The EPSS score of less than 1% indicates a very low likelihood of widespread exploitation at present, and the vulnerability is not yet listed in CISA’s Known Exploited Vulnerabilities catalog. Nonetheless, because an attacker can trigger the flaw remotely by delivering malicious media to the browser, the risk remains significant for environments that rely on Firefox for Android. Mitigation through an up‑to‑date Firefox package is the recommended approach.

Generated by OpenCVE AI on April 15, 2026 at 15:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install Mozilla Firefox version 148.0.2 or newer from the official Play Store or Mozilla website
  • Enable automatic updates for Firefox to receive future security patches as soon as they are released
  • Deploy a media‑content filtering solution on the device or network to block or monitor suspicious audio and video files as a temporary measure until the browser is updated

Generated by OpenCVE AI on April 15, 2026 at 15:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2. Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 10 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
Title Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T13:53:59.701Z

Reserved: 2026-03-09T19:29:38.565Z

Link: CVE-2026-3845

cve-icon Vulnrichment

Updated: 2026-03-10T15:32:06.470Z

cve-icon NVD

Status : Modified

Published: 2026-03-10T18:19:05.507

Modified: 2026-04-13T15:17:34.783

Link: CVE-2026-3845

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T17:00:07Z

Weaknesses