CVE-2026-4704: Vulnerability in Mozilla Firefox
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
AI Analysis
Technical Summary
CVE-2026-4704 is a high-severity denial-of-service vulnerability affecting the WebRTC signaling component in Mozilla Firefox. It allows an attacker to cause resource exhaustion leading to a denial-of-service condition. The issue was fixed in Firefox 149 and Firefox ESR 140.9. The vulnerability has no impact on confidentiality or integrity but significantly impacts availability. The vendor advisory explicitly states the fix is included in these versions, and no active exploitation has been reported.
Potential Impact
The vulnerability can cause denial-of-service by exhausting resources in the WebRTC signaling component, potentially disrupting normal browser operations and user communications relying on WebRTC. There is no indication of confidentiality or integrity compromise. No known exploits have been observed in the wild.
Mitigation Recommendations
Users and administrators should update to Firefox 149 or Firefox ESR 140.9 or later to remediate this vulnerability. The vendor advisory confirms that the issue is fixed in these versions. No additional mitigation steps are required beyond applying the official update.
CVE-2026-4704: Vulnerability in Mozilla Firefox
Description
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-4704 is a high-severity denial-of-service vulnerability affecting the WebRTC signaling component in Mozilla Firefox. It allows an attacker to cause resource exhaustion leading to a denial-of-service condition. The issue was fixed in Firefox 149 and Firefox ESR 140.9. The vulnerability has no impact on confidentiality or integrity but significantly impacts availability. The vendor advisory explicitly states the fix is included in these versions, and no active exploitation has been reported.
Potential Impact
The vulnerability can cause denial-of-service by exhausting resources in the WebRTC signaling component, potentially disrupting normal browser operations and user communications relying on WebRTC. There is no indication of confidentiality or integrity compromise. No known exploits have been observed in the wild.
Mitigation Recommendations
Users and administrators should update to Firefox 149 or Firefox ESR 140.9 or later to remediate this vulnerability. The vendor advisory confirms that the issue is fixed in these versions. No additional mitigation steps are required beyond applying the official update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2026-03-23T23:22:09.666Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69c28784f4197a8e3b3205d2
Added to database: 3/24/2026, 12:45:56 PM
Last enriched: 4/14/2026, 12:11:21 PM
Last updated: 5/6/2026, 9:12:52 AM
Views: 36
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.