CRITICALCVE-2026-4716Published Modified CNA mozilla
CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Metrics
- CVSS v3.1
- 9.1
- Severity
- CRITICAL
- Fixed in
- 140.9
- Affected Products
- 2
Fix available
140.9149
Affected packages
- Mozilla / FirefoxFixed in 140.9, 149
- Mozilla / ThunderbirdFixed in 140.9, 149
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H