CVE-2026-4702 describes a Just-In-Time (JIT) miscompilation vulnerability in the JavaScript Engine component of Mozilla Firefox. This vulnerability can cause incorrect code generation during JIT compilation, potentially leading to memory corruption or other critical issues. It was reported by multiple researchers and fixed in Firefox 149 and Firefox ESR 140.9. The CVSS v3.1 score is 9.8 (critical), reflecting its network attack vector, low complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vendor advisory confirms the fix and includes this vulnerability among several other critical security fixes in the same release.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, compromise user data, or cause denial of service. The vulnerability affects the core JavaScript engine, which is fundamental to Firefox's operation, thus posing a high risk to users running vulnerable versions. There are no reports of active exploitation in the wild, but the severity and nature of the flaw indicate a significant potential impact if exploited.

Mozilla has released official fixes for this vulnerability in Firefox 149 and Firefox ESR 140.9. Users and administrators should update to these versions or later immediately to mitigate the risk. Since this is not a cloud service, remediation depends on applying these updates. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated beyond applying the official update.