PT-2026-27390 · Mozilla+1 · Thunderbird+3

Fabius Artrel

·

Published

2026-01-01

·

Updated

2026-04-17

·

CVE-2026-4691

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9
Description A use-after-free issue exists in the CSS Parsing and Computation component. This can potentially allow for unexpected behavior or crashes.
Recommendations Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

Fix

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:5930
ALSA-2026:5931
ALSA-2026:5932
ALSA-2026:6188
ALSA-2026:6342
ALSA-2026:6917
BDU:2026-04815
CVE-2026-4691
MGASA-2026-0080
MGASA-2026-0081
OESA-2026-1705
OESA-2026-1706
OESA-2026-1707
OESA-2026-1708
OESA-2026-1709
OESA-2026-1993
OESA-2026-1994
OPENSUSE-SU-2026:10413-1
OPENSUSE-SU-2026:10447-1
OPENSUSE-SU-2026:10458-1
OPENSUSE-SU-2026:20439-1
RHSA-2026:5930
RHSA-2026:5931
RHSA-2026:5932
RHSA-2026:6188
RHSA-2026:6342
RHSA-2026:6917
RHSA-2026:7837
RHSA-2026:7838
RHSA-2026:7839
RHSA-2026:7840
RHSA-2026:7841
RHSA-2026:7842
RHSA-2026:7843
RHSA-2026:7845
RHSA-2026:7858
RHSA-2026:8284
RHSA-2026:8285
RHSA-2026:8286
RHSA-2026:8287
RHSA-2026:8288
RHSA-2026:8289
RHSA-2026:8290
RHSA-2026:8315
RHSA-2026:8427
RHSA-2026:8850
SUSE-SU-2026:1126-1
SUSE-SU-2026:1127-1
SUSE-SU-2026:1163-1
SUSE-SU-2026:20978-1

Affected Products

Firefox
Firefox Esr
Rocky Linux
Thunderbird