CVE-2026-4721

high

Description

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

References

https://www.mozilla.org/security/advisories/mfsa2026-24/

https://www.mozilla.org/security/advisories/mfsa2026-23/

https://www.mozilla.org/security/advisories/mfsa2026-22/

https://www.mozilla.org/security/advisories/mfsa2026-21/

https://www.mozilla.org/security/advisories/mfsa2026-20/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4721.json

https://bugzilla.redhat.com/show_bug.cgi?id=2450711

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676

https://access.redhat.com/security/cve/CVE-2026-4721

https://access.redhat.com/errata/RHSA-2026:8850

https://access.redhat.com/errata/RHSA-2026:8427

https://access.redhat.com/errata/RHSA-2026:8315

https://access.redhat.com/errata/RHSA-2026:8290

https://access.redhat.com/errata/RHSA-2026:8289

https://access.redhat.com/errata/RHSA-2026:8288

https://access.redhat.com/errata/RHSA-2026:8287

https://access.redhat.com/errata/RHSA-2026:8286

https://access.redhat.com/errata/RHSA-2026:8285

https://access.redhat.com/errata/RHSA-2026:8284

https://access.redhat.com/errata/RHSA-2026:7858

https://access.redhat.com/errata/RHSA-2026:7845

https://access.redhat.com/errata/RHSA-2026:7843

https://access.redhat.com/errata/RHSA-2026:7842

https://access.redhat.com/errata/RHSA-2026:7841

https://access.redhat.com/errata/RHSA-2026:7840

https://access.redhat.com/errata/RHSA-2026:7839

https://access.redhat.com/errata/RHSA-2026:7838

https://access.redhat.com/errata/RHSA-2026:7837

https://access.redhat.com/errata/RHSA-2026:6917

https://access.redhat.com/errata/RHSA-2026:6342

https://access.redhat.com/errata/RHSA-2026:6188

https://access.redhat.com/errata/RHSA-2026:5932

https://access.redhat.com/errata/RHSA-2026:5931

https://access.redhat.com/errata/RHSA-2026:5930

Details

Source: Mitre, NVD

Published: 2026-03-24

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00008