Denial-of-Service Vulnerability in Firefox by Mozilla
CVE-2026-4726

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-4726?

A denial-of-service vulnerability exists in the XML component of Firefox, impacting all versions prior to 149. This flaw can be exploited to disrupt the normal functioning of the browser, leading to potential service outages and a negative user experience. Ensuring that your Firefox installation is updated is critical to maintaining a secure browsing environment.

Affected Version(s)

Firefox < 149

Thunderbird < 149

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1955311

https://www.mozilla.org/security/advisories/mfsa2026-20/

https://www.mozilla.org/security/advisories/mfsa2026-23/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Hanno Boeck

CVE-2026-4726 Data

JSON