CVE Catalog

CVE-2026-4698

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.76%

50th percentile - higher than 50% of all known CVEs

Summary

A JIT miscompilation vulnerability was found in the JavaScript Engine of Firefox and Thunderbird, potentially leading to incorrect code execution. It is fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Risk Assessment

An attacker could exploit this flaw to execute arbitrary code remotely or cause a denial of service, compromising system confidentiality and availability.

Recommendation

Immediately update Firefox and Thunderbird to the patched versions: Firefox 149, ESR 115.34/140.9, Thunderbird 149/140.9.

Original NVD description (English source)

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS