CVE-2026-4720
— Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thu…
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4719
— Incorrect boundary conditions in the Graphics: Text component
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4718
— Undefined behavior in the WebRTC: Signaling component
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4716
— Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4715
— Uninitialized memory in the Graphics: Canvas2D component
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4714
— Incorrect boundary conditions in the Audio/Video component
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4713
— Incorrect boundary conditions in the Graphics component
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4712
— Information disclosure in the Widget: Cocoa component
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Information Disclosure
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4710
— Incorrect boundary conditions in the Audio/Video component
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4709
— Incorrect boundary conditions in the Audio/Video: GMP component
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4708
— Incorrect boundary conditions in the Graphics component
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4707
— Incorrect boundary conditions in the Graphics: Canvas2D component
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4706
— Incorrect boundary conditions in the Graphics: Canvas2D component
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4705
— Undefined behavior in the WebRTC: Signaling component
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4704
— Denial-of-service in the WebRTC: Signaling component
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Denial of Service
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4702
— JIT miscompilation in the JavaScript Engine component
JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4701
— Use-after-free in the JavaScript Engine component
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Memory Corruption
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
CVE-2026-4700
— Mitigation bypass in the Networking: HTTP component
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
firefox
|
Remote
|
Misconfiguration
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
Mar 24, 2026
