CRITICAL🇵🇱 Wersja polska

CVE-2026-4691

CVSS 9.8v3.1pub. 2026-03-24upd. 2026-06-30

Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

🤖 AI Analysis
How it works

The use-after-free vulnerability occurs when the application references a memory area after it has been freed during parsing or processing of CSS rules. An attacker can craft appropriately malicious CSS content (e.g., on a website or in an HTML email message) that triggers an incorrect reference to the freed memory. This allows controlled writing or execution of data in that area, which can lead to taking control of the application process.

Impact

An attacker can gain full control over the browser or email client process, which includes disclosure of sensitive data, data modification, and potential arbitrary code execution (RCE) in the context of a logged-in user.

Mitigation & patch

Software must be updated immediately to the following versions: Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149 or Thunderbird 140.9. Patches are available from the vendor according to references (mfsa2026-20, mfsa2026-21, mfsa2026-22, mfsa2026-23).

Who is affected

Mozilla Firefox before version 149, Mozilla Firefox ESR before versions 115.34 and 140.9, Mozilla Thunderbird before version 149, and Mozilla Thunderbird ESR before version 140.9.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 115.34.0< 149.0128.0 – 140.9.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...