CVE-2026-4698

CVSS v3.1

9.8

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149 Firefox ESR versions prior to 115.34 and 140.9 Thunderbird versions prior to 149 and 140.9

Description: A flaw exists in the JavaScript Engine's JIT component, specifically a JIT miscompilation issue. This can lead to potential security risks.

Recommendations: Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later, or 140.9 or later. Update Thunderbird to version 149 or later, or 140.9 or later.

Fix

RCE

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALSA-2026:5930

ALSA-2026:5931

ALSA-2026:5932

ALSA-2026:6188

ALSA-2026:6342

CVE-2026-4698

MGASA-2026-0080

MGASA-2026-0081

OPENSUSE-SU-2026:10413-1

OPENSUSE-SU-2026:10447-1

OPENSUSE-SU-2026:10458-1

OPENSUSE-SU-2026:20439-1

SUSE-SU-2026:1126-1

SUSE-SU-2026:1127-1

SUSE-SU-2026:1163-1

ZDI-26-252

Affected Products

Firefox

Firefox Esr

Thunderbird

CVE-2026-4698

Weakness Enumeration

Related Identifiers

Affected Products

References · 191