Description
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Published: 2026-03-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption / RCE
Action: Patch Now
AI Analysis

Impact

The vulnerability arises from incorrect boundary checks inside the graphics rendering engine, causing an unsigned integer overflow that can corrupt memory. This weakness, formalized as CWE‑190 and CWE‑754, may let an attacker leverage crafted graphics or image data to trigger the overflow, potentially leading to arbitrary code execution or a denial‑of‑service condition.

Affected Systems

All releases of Mozilla Firefox older than 149, including both mainstream and ESR builds before 115.34 and 140.9, as well as all versions of Thunderbird older than 149, including ESR builds before 140.9, are impacted. These products run on all major operating systems, as the vulnerable code resides in the shared graphics library.

Risk and Exploitability

The CVSS v3.1 score is 7.5, indicating high severity, while the EPSS score is below 1%, suggesting a low probability of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector requires an attacker to supply a malicious image or graphics payload—potentially via a web page or a local file—to trigger the overflow. Although no confirmed wild exploits have been reported, the combination of memory corruption and high severity warrants timely remediation.

Generated by OpenCVE AI on April 13, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Firefox 149 or newer, or to the latest ESR build (115.34+ or 140.9+).
  • Upgrade to Thunderbird 149 or newer, or to the latest ESR build (140.9+).
  • Confirm the upgrades by checking the application’s displayed version or its update history.
  • Enable automatic updates or subscribe to Mozilla security advisories for future patch notifications.

Generated by OpenCVE AI on April 13, 2026 at 16:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4510-1 firefox-esr security update
Debian DLA Debian DLA DLA-4511-1 thunderbird security update
Debian DSA Debian DSA DSA-6178-1 firefox-esr security update
Debian DSA Debian DSA DSA-6179-1 thunderbird security update
History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Thu, 26 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 25 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
Weaknesses CWE-190
CWE-754
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Vendors & Products Mozilla thunderbird
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla firefox Esr
Vendors & Products Mozilla
Mozilla firefox
Mozilla firefox Esr

Tue, 24 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
References

Tue, 24 Mar 2026 12:45:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
Title Incorrect boundary conditions, integer overflow in the Graphics component
References

Subscriptions

Mozilla Firefox Firefox Esr Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T13:48:51.324Z

Reserved: 2026-03-23T23:21:50.706Z

Link: CVE-2026-4694

cve-icon Vulnrichment

Updated: 2026-03-26T12:53:20.512Z

cve-icon NVD

Status : Modified

Published: 2026-03-24T13:16:05.247

Modified: 2026-04-13T15:17:38.437

Link: CVE-2026-4694

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-24T12:30:25Z

Links: CVE-2026-4694 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:43:35Z

Weaknesses