Denial-of-Service Vulnerability in NSS Component of Firefox
CVE-2026-4727

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-4727?

A vulnerability identified in the Libraries component of NSS may allow an attacker to trigger a denial-of-service condition in Firefox versions earlier than 149. This can disrupt normal operation, potentially leading to application crashes and affecting user experience. Users are encouraged to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Firefox < 149

Thunderbird < 149

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2008112

https://www.mozilla.org/security/advisories/mfsa2026-20/

https://www.mozilla.org/security/advisories/mfsa2026-23/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Cody

CVE-2026-4727 Data

JSON

Mozilla

What is CVE-2026-4727?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit