Use-After-Free Vulnerability in Firefox and Firefox ESR
CVE-2026-6759

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6759?

A use-after-free vulnerability in the Widget: Cocoa component has been identified in Firefox and Firefox ESR. This flaw may allow an attacker to exploit the affected system in a manner that compromises user security and data integrity. Mozilla has released patches in Firefox version 150 and Firefox ESR version 140.10 to address this issue, and it is strongly recommended that users update their browsers to safeguard against potential exploits.

Affected Version(s)

Firefox 140.10

Firefox 150

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2016164

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://www.mozilla.org/security/advisories/mfsa2026-32/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

Steven Michaud

CVE-2026-6759 Data

JSON