CVE-2026-4716

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component

CVSS 9.1 CRITICALEPSS 0.4%CWE-908

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Produtos afetados

Mozilla · Firefox Mozilla · Thunderbird

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.mozilla.org/show_bug.cgi?id=2018592 https://www.mozilla.org/security/advisories/mfsa2026-20/https://www.mozilla.org/security/advisories/mfsa2026-22/https://www.mozilla.org/security/advisories/mfsa2026-23/https://www.mozilla.org/security/advisories/mfsa2026-24/