JavaScript: WebAssembly Vulnerability in Firefox by Mozilla
CVE-2026-6757

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6757?

An invalid pointer dereference in the JavaScript: WebAssembly component of Firefox has been identified, which poses security risks if exploited. This vulnerability can potentially lead to unexpected behavior in the browser, affecting user experience and security. Mozilla has addressed this issue in the latest updates of Firefox and Firefox ESR.

Affected Version(s)

Firefox 140.10

Firefox 150

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2013588

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://www.mozilla.org/security/advisories/mfsa2026-32/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic

CVE-2026-6757 Data

JSON