CVE-2026-4708

Received Received - Intake

Boundary Condition Error in Firefox Graphics Component Causes Crash

Publication date: 2026-03-24

Last updated on: 2026-04-13

Assigner: Mozilla Corporation

Description

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-24

Last Modified

2026-04-13

Generated

2026-06-16

AI Q&A

2026-03-24

EPSS Evaluated

2026-06-15

NVD

CVE-2026-4708

EUVD

EUVD-2026-14831

Affected Vendors & Products

Vendor	Product	Version / Range
mozilla	firefox	to 149.0 (exc)
mozilla	firefox	to 140.9.0 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-754	The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

Executive Summary

This vulnerability involves incorrect boundary conditions in the Graphics component of Mozilla Firefox. It affects versions of Firefox earlier than 149 and Firefox ESR versions earlier than 140.9.

Impact Analysis

I don't know

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-4708. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-4708

Boundary Condition Error in Firefox Graphics Component Causes Crash

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart