CVE-2026-4702
JIT Miscompilation in Firefox JavaScript Engine Causes Potential Exploits
Publication date: 2026-03-24
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | up to 149.0 (exclusive) |
| mozilla | firefox | up to 140.9.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Just-In-Time (JIT) miscompilation issue in the JavaScript Engine component of Firefox. It affects versions of Firefox earlier than 149 and Firefox ESR earlier than 140.9. JIT miscompilation means that the JavaScript engine may incorrectly compile code at runtime, potentially leading to unexpected behavior.
How can this vulnerability impact me?
The impact of this vulnerability could include incorrect execution of JavaScript code within affected versions of Firefox, which might lead to security issues such as crashes, data corruption, or exploitation by attackers. However, specific impacts are not detailed in the provided information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
There is no information available regarding how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know