Memory Safety Bug in Firefox (ESR 115.33/140.8 & 148) prior to v149
CVE-2026-4721 Published on March 24, 2026
Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Vulnerability Analysis
CVE-2026-4721 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Types
What is a Classic Buffer Overflow Vulnerability?
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the "classic" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.
CVE-2026-4721 has been classified to as a Classic Buffer Overflow vulnerability or weakness.
What is a Dangling pointer Vulnerability?
The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the program to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.
CVE-2026-4721 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2026-4721
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-4721 are published in these products:
Affected Versions
Mozilla Firefox:- Version 115.34, <= 115.* is unaffected.
- Version 140.9, <= 140.* is unaffected.
- Version 149, <= * is unaffected.
- Version 140.9, <= 140.* is unaffected.
- Version 149, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.