CVE-2026-4698
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk50th percentile - higher than 50% of all known CVEs
Summary
A JIT miscompilation vulnerability was found in the JavaScript Engine of Firefox and Thunderbird, potentially leading to incorrect code execution. It is fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Risk Assessment
An attacker could exploit this flaw to execute arbitrary code remotely or cause a denial of service, compromising system confidentiality and availability.
Recommendation
Immediately update Firefox and Thunderbird to the patched versions: Firefox 149, ESR 115.34/140.9, Thunderbird 149/140.9.
Original NVD description (English source)
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

