Information Disclosure in Firefox Browser by Mozilla
CVE-2026-4712

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-4712?

This vulnerability involves information disclosure in the Widget: Cocoa component of Mozilla's Firefox browser, affecting versions prior to Firefox 149 and Firefox ESR versions less than 140.9. Exploitation of this flaw could allow attackers to access sensitive data which could compromise user privacy and security. Users are advised to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

Firefox < 149

Firefox ESR < 140.9

Thunderbird < 149

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2017666

https://www.mozilla.org/security/advisories/mfsa2026-20/

https://www.mozilla.org/security/advisories/mfsa2026-22/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Josh Aas

CVE-2026-4712 Data

JSON