Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
https://www.mozilla.org/security/advisories/mfsa2026-51/
https://www.mozilla.org/security/advisories/mfsa2026-50/
https://www.mozilla.org/security/advisories/mfsa2026-48/
https://www.mozilla.org/security/advisories/mfsa2026-47/
https://www.mozilla.org/security/advisories/mfsa2026-46/
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8946.json
https://bugzilla.redhat.com/show_bug.cgi?id=2479849
https://bugzilla.mozilla.org/show_bug.cgi?id=2029070
https://access.redhat.com/security/cve/CVE-2026-8946
https://access.redhat.com/errata/RHSA-2026:27715
https://access.redhat.com/errata/RHSA-2026:26630
https://access.redhat.com/errata/RHSA-2026:26629
https://access.redhat.com/errata/RHSA-2026:26606
https://access.redhat.com/errata/RHSA-2026:26551
https://access.redhat.com/errata/RHSA-2026:26539
https://access.redhat.com/errata/RHSA-2026:26536
https://access.redhat.com/errata/RHSA-2026:26521
https://access.redhat.com/errata/RHSA-2026:26493
https://access.redhat.com/errata/RHSA-2026:26492
https://access.redhat.com/errata/RHSA-2026:26491
https://access.redhat.com/errata/RHSA-2026:26270
https://access.redhat.com/errata/RHSA-2026:26269
https://access.redhat.com/errata/RHSA-2026:26268
https://access.redhat.com/errata/RHSA-2026:26174
https://access.redhat.com/errata/RHSA-2026:22643
https://access.redhat.com/errata/RHSA-2026:22325
https://access.redhat.com/errata/RHSA-2026:21382
https://access.redhat.com/errata/RHSA-2026:21381