Use-After-Free Vulnerability in JavaScript Engine by Mozilla
CVE-2026-6754

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6754?

A use-after-free vulnerability in the JavaScript Engine of Mozilla Firefox can lead to unexpected behaviors, including the possibility of process crashes or potentially arbitrary code execution. This flaw occurs due to improper memory management, allowing previously freed memory to be accessed. The issue has been addressed in several updates, specifically in Firefox versions 150, 115.35 ESR, and 140.10 ESR, highlighting the importance of keeping browsers updated to mitigate security risks.

Affected Version(s)

Firefox 115.35

Firefox 140.10

Firefox 150

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2027541

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://www.mozilla.org/security/advisories/mfsa2026-31/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

Xuehao Guo

CVE-2026-6754 Data

JSON