Boundary Condition Flaw in Firefox Graphics Component
CVE-2026-4708

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-4708?

A boundary condition error in the Graphics component of Firefox has been identified, potentially leading to unexpected behaviors or security concerns for users operating on affected versions of the browser. This vulnerability affects users of Firefox versions prior to 149 and Firefox ESR versions prior to 140.9, highlighting the necessity for prompt updates to maintain secure browsing practices. Users are advised to check their current versions and implement updates as necessary to mitigate risks associated with this vulnerability.

Affected Version(s)

Firefox < 149

Firefox ESR < 140.9

Thunderbird < 149

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2015268

https://www.mozilla.org/security/advisories/mfsa2026-20/

https://www.mozilla.org/security/advisories/mfsa2026-22/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Sajeeb Lohani

CVE-2026-4708 Data

JSON

Mozilla

What is CVE-2026-4708?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit