CVE-2026-4701

CVE-2026-4701: Use-after-free in the JavaScript Engine component

Published March 24, 2026
Last update May 12, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Key dates

Disclosure timeline

March 24, 2026 CVE published
May 12, 2026 Record updated