Uninitialized Memory Vulnerability in Firefox Products by Mozilla
CVE-2026-6748

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6748?

An uninitialized memory vulnerability has been identified within the Audio/Video: Web Codecs component of Firefox. This issue has the potential to expose sensitive data or lead to unexpected application behavior. The vulnerability was addressed in Firefox version 150 and Firefox ESR version 140.10. Users are strongly advised to update to the latest versions to protect against potential exploits.

Affected Version(s)

Firefox 140.10

Firefox 150

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2022604

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://www.mozilla.org/security/advisories/mfsa2026-32/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

Inseo An

CVE-2026-6748 Data

JSON