Vulnerabilities ›

CVE-2026-4704

High

Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CWE-400 — Weakness Type

                    Published: Mar 24, 2026                      ·  Modified: Mar 30, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

🤖 AI Executive Summary

CVE-2026-4704 is a high-severity denial-of-service vulnerability in Mozilla Firefox and Thunderbird's WebRTC signaling component (CVSS 7.5). The vulnerability allows attackers to crash affected applications through uncontrolled resource consumption. Currently, no patch is available, making immediate mitigation through version control and network segmentation critical for Saudi organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 1, 2026 06:32

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government entities, financial institutions, and telecommunications companies that rely on Firefox/Thunderbird for secure communications. Government agencies under NCA oversight and SAMA-regulated financial institutions using these browsers for WebRTC-based video conferencing or secure communications are at risk of service disruption. Telecom operators (STC, Mobily, Zain) and healthcare providers using these applications for telemedicine or internal communications face operational continuity risks. The lack of available patches increases exposure window for all affected sectors.

🏢 Affected Saudi Sectors

Government (NCA-regulated entities) Banking and Financial Services (SAMA-regulated) Telecommunications (STC, Mobily, Zain) Healthcare (telemedicine providers) Energy (ARAMCO and related entities) Education (universities and research institutions) Defense and Security

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service (resource exhaustion via WebRTC signaling) T1499.004 - Application Exhaustion Flood T1561 - Disk Wipe (potential secondary impact if system crashes) T1657 - Financial Theft (potential impact on financial operations during outage)

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all Firefox and Thunderbird installations across the organization, particularly in critical departments

2. Disable WebRTC functionality in Firefox/Thunderbird settings as a temporary compensating control (about:config → media.peerconnection.enabled = false)

3. Restrict access to untrusted websites and email sources that could trigger WebRTC signaling

4. Implement network-level controls to monitor and limit WebRTC traffic

Compensating Controls:

5. Deploy application whitelisting to prevent unauthorized browser usage

6. Isolate critical systems from internet-facing browsers; use dedicated secure communication tools instead

7. Monitor for Firefox/Thunderbird process crashes and resource exhaustion anomalies

8. Implement rate limiting on WebRTC signaling traffic at network perimeter

Detection Rules:

9. Alert on Firefox/Thunderbird crashes with high CPU/memory consumption

10. Monitor for unusual WebRTC connection attempts or signaling protocol anomalies

11. Track browser process termination events in security logs

12. Monitor for exploitation attempts via email attachments or malicious links in Thunderbird

Patching Strategy:

13. Monitor Mozilla security advisories for patch availability (expected in Firefox 149, ESR 140.9, Thunderbird 149, 140.9)

14. Establish expedited patching procedures once updates are released

15. Consider temporary migration to alternative browsers (Chrome, Edge) for critical WebRTC-dependent operations

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع تثبيتات Firefox و Thunderbird عبر المنظمة، خاصة في الأقسام الحرجة

2. تعطيل وظيفة WebRTC في إعدادات Firefox/Thunderbird كتحكم تعويضي مؤقت (about:config → media.peerconnection.enabled = false)

3. تقييد الوصول إلى المواقع غير الموثوقة ومصادر البريد الإلكتروني التي قد تؤدي إلى تشغيل إشارات WebRTC

4. تنفيذ عناصر تحكم على مستوى الشبكة لمراقبة وتحديد حركة WebRTC

الضوابط التعويضية:

5. نشر قائمة بيضاء للتطبيقات لمنع استخدام المتصفح غير المصرح به

6. عزل الأنظمة الحرجة عن المتصفحات المواجهة للإنترنت؛ استخدم أدوات اتصال آمنة مخصصة بدلاً من ذلك

7. مراقبة أعطال عملية Firefox/Thunderbird واستهلاك الموارد الشاذة

8. تنفيذ تحديد معدل حركة إشارات WebRTC على محيط الشبكة

قواعد الكشف:

9. تنبيه على أعطال Firefox/Thunderbird مع استهلاك عالي للمعالج/الذاكرة

10. مراقبة محاولات اتصال WebRTC غير العادية أو شذوذ بروتوكول الإشارات

11. تتبع أحداث إنهاء عملية المتصفح في سجلات الأمان

12. مراقبة محاولات الاستغلال عبر مرفقات البريد الإلكتروني أو الروابط الضارة في Thunderbird

استراتيجية التصحيح:

13. مراقبة استشارات أمان Mozilla لتوفر التصحيحات (متوقع في Firefox 149، ESR 140.9، Thunderbird 149، 140.9)

14. إنشاء إجراءات تصحيح معجلة بمجرد إصدار التحديثات

15. النظر في الهجرة المؤقتة إلى متصفحات بديلة (Chrome، Edge) للعمليات المعتمدة على WebRTC الحرجة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1 - Information Security Policies (incident response for DoS) ECC 2024 A.8.1 - Asset Management (software inventory and lifecycle) ECC 2024 A.12.2 - Change Management (patch management procedures) ECC 2024 A.12.6 - Management of Technical Vulnerabilities (vulnerability assessment and remediation)

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Business Environment (operational resilience) SAMA CSF PR.IP-12 - Information and Communications (software updates and patches) SAMA CSF DE.CM-1 - Detection and Analysis (anomaly detection for DoS) SAMA CSF RS.MI-1 - Response and Recovery (incident mitigation)

🟡 ISO 27001:2022

ISO 27001:2022 A.5.1 - Policies for Information Security ISO 27001:2022 A.8.1 - Asset Management ISO 27001:2022 A.8.2 - Information Classification ISO 27001:2022 A.12.2 - Configuration Management ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities ISO 27001:2022 A.14.2 - Information Security Requirements in Third-party Relationships

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patches and updates (if payment systems use Firefox/Thunderbird) PCI DSS 6.4 - Secure development practices PCI DSS 11.2 - Vulnerability scanning and assessment

🔗 References & Sources 5

🔗

https://bugzilla.mozilla.org/show_bug.cgi?id=2014868

security@mozilla.org

Permissions Required

🔗

https://www.mozilla.org/security/advisories/mfsa2026-20/

security@mozilla.org

Vendor Advisory

🔗

https://www.mozilla.org/security/advisories/mfsa2026-22/

security@mozilla.org

Vendor Advisory

🔗

https://www.mozilla.org/security/advisories/mfsa2026-23/

security@mozilla.org

🔗

https://www.mozilla.org/security/advisories/mfsa2026-24/

security@mozilla.org

📦 Affected Products / CPE 2 entries

mozilla:firefox

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-400

Exploit No

Patch ✗ No

Published 2026-03-24

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-400

🏢 Vendor Advisories

🔗 https://www.mozilla.org/security/advisories/mfsa2026... 🔗 https://www.mozilla.org/security/advisories/mfsa2026...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-4704

💬 Comments

Introduce Yourself

Sign In Required