critical advisory

Uninitialized Memory Vulnerability in Firefox Canvas2D (CVE-2026-4715)

CVE-2026-4715 is a critical vulnerability involving uninitialized memory in the Graphics: Canvas2D component of Firefox, Firefox ESR, and Thunderbird, potentially leading to information disclosure or arbitrary code execution.

CVE-2026-4715 describes an uninitialized memory flaw within the Canvas2D graphics component of Mozilla Firefox, Firefox ESR, and Thunderbird. Discovered and reported in March 2026, this vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird ESR versions prior to 140.9. Successful exploitation of this issue could allow an attacker to read sensitive information from memory or potentially execute arbitrary code…

Detection coverage 2

Detect Firefox Process Launch with Version Less Than 149

high

Detects the launch of Firefox with a version number less than 149, indicating a potentially vulnerable instance.

sigma tactics: initial_access techniques: T1189 sources: process_creation, windows

Detect Thunderbird Process Launch with Version Less Than 149

high

Detects the launch of Thunderbird with a version number less than 149, indicating a potentially vulnerable instance.

sigma tactics: initial_access techniques: T1189 sources: process_creation, windows
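
A flat "version less than 149" comparison also flags ESR builds at 140.9, which the advisory lists as fixed. The sketch below is an added example, not the platform's rule: it classifies process-creation events against both fixed versions, assuming Sysmon-style Image and FileVersion fields and assuming that any 140.x build at or above 140.9 belongs to the patched ESR line. The sample events are constructed.

```python
import re

# Fixed versions as stated in the advisory: release 149, ESR 140.9.
FIXED_RELEASE = (149, 0)
FIXED_ESR = (140, 9)
PRODUCTS = {"firefox.exe": "Firefox", "thunderbird.exe": "Thunderbird"}


def parse_version(text):
    """Return (major, minor) from a FileVersion string, or None if unparsable."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def classify(event):
    """Return (product, verdict) for a process-creation event, or None if
    the image is not Firefox or Thunderbird."""
    image = event.get("Image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    product = PRODUCTS.get(image)
    if product is None:
        return None
    version = parse_version(event.get("FileVersion"))
    if version is None:
        return product, "unknown"  # no version: review by hand, do not assume patched
    if version >= FIXED_RELEASE:
        return product, "fixed"
    # Assumption: a 140.x build at or above 140.9 is the patched ESR line.
    if version[0] == FIXED_ESR[0] and version >= FIXED_ESR:
        return product, "fixed"
    return product, "vulnerable"


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "FileVersion": "148.0.2"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "FileVersion": "140.9.0"},
    {"Image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe", "FileVersion": "140.8.1"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "FileVersion": "149.0"},
    {"Image": r"C:\Windows\System32\notepad.exe", "FileVersion": "10.0.19041.1"},
    {"Image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe", "FileVersion": ""},
]


def vulnerable_launches(events):
    """List (product, verdict) for launches that are not on a fixed version."""
    results = [classify(ev) for ev in events]
    return [r for r in results if r and r[1] != "fixed"]
```

Events with a missing or unparsable FileVersion are reported as "unknown" rather than dropped, so they still reach an analyst.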
