Boundary Condition Flaw in WebGPU Component of Firefox by Mozilla
CVE-2026-5733

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-5733?

This vulnerability in the Graphics: WebGPU component of Firefox arises from incorrect boundary conditions, which may allow for unexpected behavior or potential exploitation. Affected users should update to version 149.0.2 or later to mitigate risks associated with this flaw.

Affected Version(s)

Firefox < 149.0.2

Thunderbird < 149.0.2

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2022554

https://www.mozilla.org/security/advisories/mfsa2026-25/

https://www.mozilla.org/security/advisories/mfsa2026-28/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Inseo An

CVE-2026-5733 Data

JSON