Mitigation Bypass in the postMessage Component of Firefox by Mozilla
CVE-2026-6755

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6755?

A mitigation bypass vulnerability has been identified in the postMessage component of Firefox. This vulnerability could potentially allow the execution of unauthorized scripts or content through the compromised messaging system. Users are encouraged to update to Firefox version 150 or later, where this issue has been addressed to enhance security and integrity of web communications.

Affected Version(s)

Firefox 150

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1880429

https://www.mozilla.org/security/advisories/mfsa2026-30/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

paranoidmoth

CVE-2026-6755 Data

JSON