CVE-2026-4729
Memory Corruption in Firefox and Thunderbird <149 Enables Code Execution
Publication date: 2026-03-24
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | before 149.0 (exclusive) |
| mozilla | thunderbird | before 149.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves memory safety bugs found in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption, which means that the software could access or modify memory in unintended ways. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code on the affected systems.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker to execute arbitrary code on your system through Firefox or Thunderbird versions prior to 149. This could lead to unauthorized actions such as installing malware, stealing data, or taking control of your device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know