GHSA-r67f-xmr7-94cc

GHSA-r67f-xmr7-94cc PUBLISHED CVSS 9.100000381469727 CRITICAL

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Timeline

Mar 24, 2026 CVE Published
Mar 24, 2026 CVE Updated
Apr 10, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-4716 advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=2018592 url
https://www.mozilla.org/security/advisories/mfsa2026-20 url
https://www.mozilla.org/security/advisories/mfsa2026-22 url
https://www.mozilla.org/security/advisories/mfsa2026-23 url
https://www.mozilla.org/security/advisories/mfsa2026-24 url

Open in Interactive Console →