CVE-2026-4685

Advisory lineage Upstream: 0 Downstream: 41
Modified
Published: 24 Mar 2026, 12:30
Last modified:07 May 2026, 14:49

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Mar 2026, 12:30
Published
Vulnerability first disclosed
07 May 2026, 14:49
Last Modified
Vulnerability information updated

Description

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.03% Percentile: 8%

Techniques & Countermeasures

  • CWE-754Improper Check for Unusual or Exceptional Conditions

    The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Affected Systems

  • mozillafirefox

    ≥ unspecified, < 149 | < 115.34.0 | < 149.0 | ≥ 128.0, < 140.9.0

  • mozillafirefox_esr

    ≥ unspecified, < 115.34 | ≥ unspecified, < 140.9

  • mozillathunderbird

    ≥ unspecified, < 149 | ≥ unspecified, < 140.9

References (6)