Vulnerability-Lookup

alsa-2026:13537

Vulnerability from osv_almalinux

Published

2026-05-04 00:00

Modified

2026-05-05 10:39

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)
firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)
firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)
firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)
firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)
firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)
firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)
firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)
firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)
firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)
firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)
firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)
firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)
firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)
firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)
firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)
firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)
firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:13537	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-6746	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6747	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6748	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6749	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6750	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6751	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6752	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6753	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6754	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6757	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6759	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6761	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6762	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6763	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6764	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6765	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6766	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6767	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6769	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6770	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6771	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6772	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6776	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6785	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6786	REPORT
	https://bugzilla.redhat.com/2460074	REPORT
	https://bugzilla.redhat.com/2460075	REPORT
	https://bugzilla.redhat.com/2460076	REPORT
	https://bugzilla.redhat.com/2460078	REPORT
	https://bugzilla.redhat.com/2460079	REPORT
	https://bugzilla.redhat.com/2460085	REPORT
	https://bugzilla.redhat.com/2460086	REPORT
	https://bugzilla.redhat.com/2460088	REPORT
	https://bugzilla.redhat.com/2460092	REPORT
	https://bugzilla.redhat.com/2460094	REPORT
	https://bugzilla.redhat.com/2460095	REPORT
	https://bugzilla.redhat.com/2460096	REPORT
	https://bugzilla.redhat.com/2460097	REPORT
	https://bugzilla.redhat.com/2460099	REPORT
	https://bugzilla.redhat.com/2460101	REPORT
	https://bugzilla.redhat.com/2460102	REPORT
	https://bugzilla.redhat.com/2460103	REPORT
	https://bugzilla.redhat.com/2460104	REPORT
	https://bugzilla.redhat.com/2460105	REPORT
	https://bugzilla.redhat.com/2460106	REPORT
	https://bugzilla.redhat.com/2460107	REPORT
	https://bugzilla.redhat.com/2460108	REPORT
	https://bugzilla.redhat.com/2460109	REPORT
	https://bugzilla.redhat.com/2460110	REPORT
	https://bugzilla.redhat.com/2460112	REPORT
	https://errata.almalinux.org/8/ALSA-2026-13537.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.10.0-1.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n  * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n  * firefox: thunderbird: Spoofing issue in the DOM: Core \u0026 HTML component (CVE-2026-6762)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n  * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n  * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n  * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n  * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n  * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n  * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n  * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n  * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n  * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)\n  * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n  * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n  * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n  * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n  * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n  * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n  * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n  * firefox: thunderbird: Use-after-free in the DOM: Core \u0026 HTML component (CVE-2026-6746)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:13537",
  "modified": "2026-05-05T10:39:20Z",
  "published": "2026-05-04T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:13537"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6746"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6747"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6748"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6749"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6750"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6751"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6752"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6753"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6754"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6757"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6759"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6761"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6762"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6766"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6769"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6770"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6771"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6785"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6786"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460074"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460075"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460076"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460078"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460079"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460085"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460086"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460088"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460092"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460094"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460095"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460096"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460097"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460099"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460101"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460102"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460103"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460104"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460105"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460106"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460107"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460108"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460109"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460110"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460112"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2026-13537.html"
    }
  ],
  "related": [
    "CVE-2026-6772",
    "CVE-2026-6754",
    "CVE-2026-6762",
    "CVE-2026-6752",
    "CVE-2026-6770",
    "CVE-2026-6757",
    "CVE-2026-6767",
    "CVE-2026-6786",
    "CVE-2026-6753",
    "CVE-2026-6759",
    "CVE-2026-6747",
    "CVE-2026-6749",
    "CVE-2026-6766",
    "CVE-2026-6761",
    "CVE-2026-6763",
    "CVE-2026-6750",
    "CVE-2026-6748",
    "CVE-2026-6785",
    "CVE-2026-6771",
    "CVE-2026-6764",
    "CVE-2026-6765",
    "CVE-2026-6769",
    "CVE-2026-6751",
    "CVE-2026-6776",
    "CVE-2026-6746"
  ],
  "summary": "Important: thunderbird security update"
}

CVE-2026-6746 (GCVE-0-2026-6746)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Use-after-free in the DOM: Core & HTML component

Summary

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free
CWE-825 - Expired Pointer Dereference

Assigner

mozilla

References

36 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2014596
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6746	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460112	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.35 , ≤ 115.* (rpm) Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T15:08:29.668813Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:53:00.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:44.148Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nUse-after-free in the DOM: Core \u0026 HTML component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-825",
                "description": "Expired Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:05.911Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6746"
          },
          {
            "name": "RHBZ#2460112",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6746.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:03:11.980Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:44.148Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Use-after-free in the DOM: Core \u0026 HTML component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.35",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Use-after-free in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:37.002Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014596"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Use-after-free in the DOM: Core \u0026 HTML component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6746",
    "datePublished": "2026-04-21T12:40:44.148Z",
    "dateReserved": "2026-04-21T12:40:43.779Z",
    "dateUpdated": "2026-06-30T12:06:05.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6747 (GCVE-0-2026-6747)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Use-after-free in the WebRTC component

Summary

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free
CWE-825 - Expired Pointer Dereference

Assigner

mozilla

References

35 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2021769
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6747	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460095	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

Nan Wang

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T15:08:07.894531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:37:57.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:45.203Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nUse-after-free in the WebRTC component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-825",
                "description": "Expired Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:05.632Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6747"
          },
          {
            "name": "RHBZ#2460095",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6747.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:02:14.211Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:45.203Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Use-after-free in the WebRTC component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nan Wang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:38.193Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021769"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Use-after-free in the WebRTC component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6747",
    "datePublished": "2026-04-21T12:40:45.203Z",
    "dateReserved": "2026-04-21T12:40:44.581Z",
    "dateUpdated": "2026-06-30T12:06:05.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6748 (GCVE-0-2026-6748)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Uninitialized memory in the Audio/Video: Web Codecs component

Summary

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-457 - Use of Uninitialized Variable
CWE-824 - Access of Uninitialized Pointer

Assigner

mozilla

References

35 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2022604
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6748	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460103	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

Inseo An

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-21T18:38:50.092884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-457",
                "description": "CWE-457 Use of Uninitialized Variable",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T17:04:34.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:45.923Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nUninitialized memory in the Audio/Video: Web Codecs component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-824",
                "description": "Access of Uninitialized Pointer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:05.340Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6748"
          },
          {
            "name": "RHBZ#2460103",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6748.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:02:39.417Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:45.923Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Inseo An"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:39.302Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022604"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Uninitialized memory in the Audio/Video: Web Codecs component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6748",
    "datePublished": "2026-04-21T12:40:45.923Z",
    "dateReserved": "2026-04-21T12:40:45.603Z",
    "dateUpdated": "2026-06-30T12:06:05.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6749 (GCVE-0-2026-6749)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component

Summary

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-908 - Use of Uninitialized Resource
CWE-824 - Access of Uninitialized Pointer

Assigner

mozilla

References

36 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2022610
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6749	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460096	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.35 , ≤ 115.* (rpm) Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

Inseo An

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T15:07:48.753319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T17:08:01.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:46.800Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nInformation disclosure due to uninitialized memory in the Graphics: Canvas2D component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-824",
                "description": "Access of Uninitialized Pointer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:05.061Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6749"
          },
          {
            "name": "RHBZ#2460096",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6749.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:02:17.294Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:46.800Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.35",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Inseo An"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:40.339Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022610"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Information disclosure due to uninitialized memory in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6749",
    "datePublished": "2026-04-21T12:40:46.800Z",
    "dateReserved": "2026-04-21T12:40:46.464Z",
    "dateUpdated": "2026-06-30T12:06:05.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6750 (GCVE-0-2026-6750)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Privilege escalation in the Graphics: WebRender component

Summary

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-269 - Improper Privilege Management
CWE-266 - Incorrect Privilege Assignment

Assigner

mozilla

References

36 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2023407
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6750	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460102	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.35 , ≤ 115.* (rpm) Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

choeseyeong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T03:56:00.618420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T17:12:31.767Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:47.476Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nPrivilege escalation in the Graphics: WebRender component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-266",
                "description": "Incorrect Privilege Assignment",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:04.758Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6750"
          },
          {
            "name": "RHBZ#2460102",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6750.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:02:36.284Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:47.476Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Privilege escalation in the Graphics: WebRender component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.35",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "choeseyeong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:41.650Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023407"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Privilege escalation in the Graphics: WebRender component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6750",
    "datePublished": "2026-04-21T12:40:47.476Z",
    "dateReserved": "2026-04-21T12:40:47.165Z",
    "dateUpdated": "2026-06-30T12:06:04.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6751 (GCVE-0-2026-6751)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Uninitialized memory in the Audio/Video: Web Codecs component

Summary

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-457 - Use of Uninitialized Variable
CWE-824 - Access of Uninitialized Pointer

Assigner

mozilla

References

35 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2025883
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6751	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460109	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

Joren Afman

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T16:56:18.545699Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-457",
                "description": "CWE-457 Use of Uninitialized Variable",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T16:56:22.052Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:48.315Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nUninitialized memory in the Audio/Video: Web Codecs component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-824",
                "description": "Access of Uninitialized Pointer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:04.466Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6751"
          },
          {
            "name": "RHBZ#2460109",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6751.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:02:59.801Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:48.315Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joren Afman"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:42.935Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2025883"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Uninitialized memory in the Audio/Video: Web Codecs component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6751",
    "datePublished": "2026-04-21T12:40:48.315Z",
    "dateReserved": "2026-04-21T12:40:47.871Z",
    "dateUpdated": "2026-06-30T12:06:04.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6752 (GCVE-0-2026-6752)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Incorrect boundary conditions in the WebRTC component

Summary

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

mozilla

References

36 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2027499
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6752	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460078	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.35 , ≤ 115.* (rpm) Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

jmwebdevelopement

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-21T19:01:52.321484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:31:28.379Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:49.079Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions in the WebRTC component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-131",
                "description": "Incorrect Calculation of Buffer Size",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:04.182Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6752"
          },
          {
            "name": "RHBZ#2460078",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6752.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:01:16.112Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:49.079Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Incorrect boundary conditions in the WebRTC component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.35",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jmwebdevelopement"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:44.029Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027499"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Incorrect boundary conditions in the WebRTC component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6752",
    "datePublished": "2026-04-21T12:40:49.079Z",
    "dateReserved": "2026-04-21T12:40:48.727Z",
    "dateUpdated": "2026-06-30T12:06:04.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6753 (GCVE-0-2026-6753)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Incorrect boundary conditions in the WebRTC component

Summary

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787 - Out-of-bounds Write

Assigner

mozilla

References

35 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2027501
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6753	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460092	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

jmwebdevelopement

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T17:11:04.777874Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T17:11:08.892Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:49.893Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions in the WebRTC component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:03.889Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6753"
          },
          {
            "name": "RHBZ#2460092",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6753.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:02:04.165Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:49.893Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Incorrect boundary conditions in the WebRTC component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jmwebdevelopement"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:45.288Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027501"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Incorrect boundary conditions in the WebRTC component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6753",
    "datePublished": "2026-04-21T12:40:49.893Z",
    "dateReserved": "2026-04-21T12:40:49.549Z",
    "dateUpdated": "2026-06-30T12:06:03.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6754 (GCVE-0-2026-6754)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-06-30 12:06

Title

Use-after-free in the JavaScript Engine component

Summary

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free
CWE-825 - Expired Pointer Dereference

Assigner

mozilla

References

36 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2027541
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-6754	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460075	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:19704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17690	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19463	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10767	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10766	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13537	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19655	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17687	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10757	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19348	vendor-advisoryx_refsource_REDHAT

Impacted products

21 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.35 , ≤ 115.* (rpm) Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

Xuehao Guo

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6754",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T15:06:49.476701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:13:24.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-21T12:40:50.577Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nUse-after-free in the JavaScript Engine component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-825",
                "description": "Expired Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:03.599Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6754"
          },
          {
            "name": "RHBZ#2460075",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6754.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17690"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19463"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12285"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10766"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13537"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19655"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17687"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10757"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:19704: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17690: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19463: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10767: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12285: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19041: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19131: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10766: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13537: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19655: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19465: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19542: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19466: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17477: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19467: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17687: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19468: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17689: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19461: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19464: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17688: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19462: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10757: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15892: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19201: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19348: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-21T14:01:06.088Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-21T12:40:50.577Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Use-after-free in the JavaScript Engine component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.35",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Xuehao Guo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:46.471Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027541"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-31/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Use-after-free in the JavaScript Engine component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6754",
    "datePublished": "2026-04-21T12:40:50.577Z",
    "dateReserved": "2026-04-21T12:40:50.251Z",
    "dateUpdated": "2026-06-30T12:06:03.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6757 (GCVE-0-2026-6757)

Vulnerability from cvelistv5 – Published: 2026-04-21 12:40 – Updated: 2026-05-26 18:07

Title

Invalid pointer in the JavaScript: WebAssembly component

Summary

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Severity

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2013588
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.10 , ≤ 140.* (rpm) Unaffected: 150 , ≤ * (rpm)

Credits

Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:30:51.577650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-824",
                "description": "CWE-824 Access of Uninitialized Pointer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:07:08.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.10",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
            }
          ],
          "value": "Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T23:34:49.159Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013588"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-32/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-34/"
        }
      ],
      "title": "Invalid pointer in the JavaScript: WebAssembly component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-6757",
    "datePublished": "2026-04-21T12:40:52.961Z",
    "dateReserved": "2026-04-21T12:40:52.634Z",
    "dateUpdated": "2026-05-26T18:07:08.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2026:13537

Vulnerability from osv_almalinux

CVE-2026-6746 (GCVE-0-2026-6746)

CVE-2026-6747 (GCVE-0-2026-6747)

CVE-2026-6748 (GCVE-0-2026-6748)

CVE-2026-6749 (GCVE-0-2026-6749)

CVE-2026-6750 (GCVE-0-2026-6750)

CVE-2026-6751 (GCVE-0-2026-6751)

CVE-2026-6752 (GCVE-0-2026-6752)

CVE-2026-6753 (GCVE-0-2026-6753)

CVE-2026-6754 (GCVE-0-2026-6754)

CVE-2026-6757 (GCVE-0-2026-6757)

Tags

Sightings

Nomenclature