CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
Other sources
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
— MITRE
Affected Software
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2026-4684
- CVE-2026-4685
- CVE-2026-4686
- CVE-2026-4687
- CVE-2026-4688
- CVE-2026-4689
- CVE-2026-4690
- CVE-2026-4691
- CVE-2026-4692
- CVE-2026-4693
- CVE-2026-4694
- CVE-2026-4695
- CVE-2026-4696
- CVE-2026-4697
- CVE-2026-4698
- CVE-2026-4699
- CVE-2026-4700
- CVE-2026-4701
- CVE-2026-4722
- CVE-2026-4702
- CVE-2026-4723
- CVE-2026-4724
- CVE-2026-4704
- CVE-2026-4705
- CVE-2026-4706
- CVE-2026-4707
- CVE-2026-4708
- CVE-2026-4709
- CVE-2026-4710
- CVE-2026-4711
- CVE-2026-4725
- CVE-2026-4712
- CVE-2026-4713
- CVE-2026-4714
- CVE-2026-4715
- CVE-2026-4716
- CVE-2026-4717
- CVE-2026-4726
- CVE-2025-59375
- CVE-2026-4727
- CVE-2026-4728
- CVE-2026-4718
- CVE-2026-4719
- CVE-2026-4720
- CVE-2026-4729
- CVE-2026-4721
- CVE-2026-3889
- CVE-2026-4371
Frequently Asked Questions
What is the severity of CVE-2026-4704?
CVE-2026-4704 is classified as a denial-of-service vulnerability.
How do I fix CVE-2026-4704?
To fix CVE-2026-4704, update to Firefox version 149 or later and Firefox ESR version 140.9 or later.
What versions of Firefox are affected by CVE-2026-4704?
CVE-2026-4704 affects Firefox versions earlier than 149 and Firefox ESR versions earlier than 140.9.
What components are involved in CVE-2026-4704?
The vulnerability specifically involves the signaling component of WebRTC.
Is there a workaround for CVE-2026-4704?
There are no specific workarounds for CVE-2026-4704 other than upgrading to the patched versions.