CVE-2026-4702 JIT miscompilation in the JavaScript Engine component

🗓️ 24 Mar 2026 12:30:30Reported by mozillaType

CVE-2026-4702 JIT miscompilation in JavaScript Engine affects Firefox before 149 and ESR 140.9.

Reporter	Title	Published	Views	Family All 299
FreeBSD	Mozilla -- Multiple vulnerabilities	24 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-4702	24 Mar 202612:30	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1554)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3241 (ALAS-2026-3241)	14 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-056 (ALASFIREFOX-2026-056)	14 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2026:5930)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : firefox (ALSA-2026:5931)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : firefox (ALSA-2026:5932)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2026:6188)	3 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : thunderbird (ALSA-2026:6342)	1 Apr 202600:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.9",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "149",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.9",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "149",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2026-23/
mozilla	www.mozilla.org/security/advisories/mfsa2026-22/
mozilla	www.mozilla.org/security/advisories/mfsa2026-20/
mozilla	www.mozilla.org/security/advisories/mfsa2026-24/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi

13 Apr 2026 13:50Current

EPSS0.00026