CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component

🗓️ 24 Mar 2026 12:30:24Reported by mozillaType

CVE-2026-4691 use-after-free in CSS parsing and computation affects Firefox before 149 and ESR before 115.34 and 140.9.

Reporter	Title	Published	Views	Family All 294
FreeBSD	Mozilla -- Multiple vulnerabilities	24 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-4691	24 Mar 202612:30	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1554)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3241 (ALAS-2026-3241)	14 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-056 (ALASFIREFOX-2026-056)	14 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2026:5930)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : firefox (ALSA-2026:5931)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : firefox (ALSA-2026:5932)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2026:6188)	3 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : thunderbird (ALSA-2026:6342)	1 Apr 202600:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "115.34",
        "lessThanOrEqual": "115.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "140.9",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "149",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.9",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "149",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2026-20/
mozilla	www.mozilla.org/security/advisories/mfsa2026-22/
mozilla	www.mozilla.org/security/advisories/mfsa2026-23/
mozilla	www.mozilla.org/security/advisories/mfsa2026-24/
mozilla	www.mozilla.org/security/advisories/mfsa2026-21/

13 Apr 2026 13:48Current

EPSS0.00039