CVE-2026-4716 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: March 25, 2026
Firefox - Remote Code Execution
Overview
Firefox < 149 and Firefox ESR < 140.9 contain a memory corruption vulnerability caused by incorrect boundary conditions and uninitialized memory in the JavaScript Engine, which could let attackers execute arbitrary code. Exploitation requires crafted input.
Impact
Attackers can execute arbitrary code remotely, potentially leading to full system compromise.
Mitigation
Update to Firefox 149 or later, or Firefox ESR 140.9 or later.
Social Media Activity (1 post)
CVE-2026-4716 - Critical (9.1) Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. https://www.thehackerwire.com/vulnerability/CVE-2026-4716/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-4716
- Severity: Critical
- CVSS Score: 9.1
- Type: undefined
- Status: modified
- EPSS: 1.7%
- Social Posts: 1
CWE
- CWE-908
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H