CVE-2026-4698 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 24, 2026
Firefox - Remote Code Execution & Denial of Service
Overview
Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9 contain a JIT miscompilation vulnerability in the JavaScript Engine, letting attackers cause incorrect code execution or crashes, exploit requires crafted JavaScript code.
Severity & Score
Impact
Attackers can cause incorrect code execution or crashes, potentially leading to denial of service or code execution.
Mitigation
Update to Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9 or later.
References
- https://www.mozilla.org/security/advisories/mfsa2026-21/
- https://www.mozilla.org/security/advisories/mfsa2026-22/
- https://www.mozilla.org/security/advisories/mfsa2026-23/
- https://www.mozilla.org/security/advisories/mfsa2026-24/
- https://bugzilla.mozilla.org/show_bug.cgi?id=2020906
- https://www.mozilla.org/security/advisories/mfsa2026-20/
Social Media Activity(1 post)
🔴 New security advisory: CVE-2026-4698 affects Mozilla Firefox. • Impact: Remote code execution or complete system compromise possible • Risk: Attackers can gain full control of affected systems • Mitigation: Patch immediately or isolate affected systems Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-4698-firefox-jit-compiler-vulnerability #Cybersecurity #ZeroDay #ThreatIntel
View original postRelated Resources
Details
- CVE ID
- CVE-2026-4698
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- modified
- EPSS
- 2.0%
- Social Posts
- 1
CWE
- CWE-843
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H