vulnerability

MFSA2026-22 Firefox: Security Vulnerabilities fixed in Firefox ESR 140.9 (CVE-2026-4716)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:N/A:C)	Mar 24, 2026	Mar 27, 2026	Apr 15, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:C)

Published

Mar 24, 2026

Added

Mar 27, 2026

Modified

Apr 15, 2026

Description

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Solution

mozilla-firefox-esr-upgrade-140_9

References

CVE-2026-4716
https://attackerkb.com/topics/CVE-2026-4716
CWE-908
EUVD-EUVD-2026-14848
http://www.mozilla.org/security/announce/2026/mfsa2026-22.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-14848

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report