QSearchQSearch

CVE-2026-4698

9.8 CRITICAL

JIT miscompilation in the JavaScript Engine: JIT component

Published: 2026-03-24 · Last updated: 2026-04-13

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-843

Affected products

VendorProduct
mozillafirefox

Description

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component (4.3 MEDIUM)
  • CVE-2026-10701 Incorrect boundary conditions in the Graphics: Text component (7.5 HIGH)
  • CVE-2026-9309 Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata (5.4 MEDIUM)
  • CVE-2026-9308 Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders (5.4 MEDIUM)
  • CVE-2026-9078 Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI ... (5.4 MEDIUM)

Same CWE

  • CVE-2026-45641 Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally (8.4 HIGH)
  • CVE-2026-45635 Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network (8.1 HIGH)
  • CVE-2026-45600 Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate pri... (7.8 HIGH)
  • CVE-2026-45456 Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally (8.4 HIGH)
  • CVE-2026-44817 Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally (7.8 HIGH)