CVE-2026-4698 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 24, 2026
Firefox - Remote Code Execution & Denial of Service
Published: March 24, 2026 | Updated: March 24, 2026 | Remotely Exploitable
Overview
Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9 contain a JIT miscompilation vulnerability in the JavaScript engine that lets attackers cause incorrect code execution or crashes. Exploitation requires crafted JavaScript code.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause incorrect code execution or crashes, potentially leading to denial of service or code execution.
Mitigation
Update to Firefox 149, Firefox ESR 115.34, or Firefox ESR 140.9, or a later release.
References
- https://www.mozilla.org/security/advisories/mfsa2026-23/
- https://www.mozilla.org/security/advisories/mfsa2026-24/
- https://bugzilla.mozilla.org/show_bug.cgi?id=2020906
- https://www.mozilla.org/security/advisories/mfsa2026-20/
- https://www.mozilla.org/security/advisories/mfsa2026-21/
- https://www.mozilla.org/security/advisories/mfsa2026-22/
Details
- CVE ID: CVE-2026-4698
- Severity: Critical
- CVSS Score: 9.8
- Status: modified
CWE
- CWE-843
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H