CVE-2026-4716

CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component

Published March 24, 2026
Last update April 13, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Key dates

Disclosure timeline

March 24, 2026 CVE published
April 13, 2026 Record updated