Home

CVE-2026-4718

Description

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.012

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Mozilla Firefox ESR (140) (140.9.0)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox ESR (140) (x64) (140.9.0)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox (149.0)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox (x64) (149.0)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox (Microsoft Store) 140.9Windows
Multiple vulnerabilities are fixed in Mozilla Firefox (Microsoft Store) 149Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird ESR 140 (140.9.0)Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird ESR 140 (x64) (140.9.0)Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird (149.0)Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird (x64) (149.0)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (149.0)Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-357381Mozilla Firefox ESR (140) (140.9.0)
PATCH-357382Mozilla Firefox ESR (140) (x64) (140.9.0)
PATCH-357377Mozilla Firefox (149.0)
PATCH-357378Mozilla Firefox (x64) (149.0)
PATCH-357383Mozilla Thunderbird ESR 140 (140.9.0)
PATCH-357384Mozilla Thunderbird ESR 140 (x64) (140.9.0)
PATCH-614061Mozilla Firefox For Mac (149.0)
PATCH-357447Mozilla Thunderbird (149.0)
PATCH-357448Mozilla Thunderbird (x64) (149.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234