Information Disclosure Vulnerability in Firefox Graphics: Canvas2D Component
CVE-2026-6749

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Vendor
CVE Published:
21 April 2026

What is CVE-2026-6749?

An information disclosure vulnerability has been identified in the Graphics: Canvas2D component of Firefox. Due to uninitialized memory handling, attackers could potentially exploit this flaw to access sensitive information. This vulnerability has been addressed in Firefox version 150 and the Extended Support Release (ESR) versions 115.35 and 140.10. Users are advised to update their browsers to ensure protection against this issue.

Affected Version(s)

Firefox 115.35

Firefox 140.10

Firefox 150

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2022610
https://www.mozilla.org/security/advisories/mfsa2026-30/
https://www.mozilla.org/security/advisories/mfsa2026-31/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Inseo An
.