IndexedDB Vulnerability in Firefox and Firefox ESR
CVE-2026-6770
Key Information:
- Vendor
Mozilla
- Status
- Vendor
- CVE Published:
- 21 April 2026
Badges
What is CVE-2026-6770?
CVE-2026-6770 is a vulnerability identified in the IndexedDB component of the Firefox web browser and its Extended Support Release (ESR) variant. The IndexedDB API is designed to allow web applications to store data persistently in the user's browser, providing significant functionality for offline capabilities and dynamic data management in web applications. This vulnerability could negatively impact organizations that rely on Firefox for secure data handling and processing within their applications. If exploited, it may lead to unauthorized data manipulation or exposure, compromising the integrity of the stored information. Although this vulnerability has been addressed in recent updates, its presence could expose users to potential risks if not promptly managed.
Potential impact of CVE-2026-6770
-
Data Breaches: The vulnerability may allow attackers to access and manipulate data stored within IndexedDB, leading to possible leaks of sensitive information and credentials.
-
Compromised Application Integrity: Exploitation could result in unauthorized alterations to data or application functionalities, potentially disrupting services and diminishing user trust.
-
Security Posture Erosion: Organizations using affected versions of Firefox might find their overall security posture weakened, making them more susceptible to subsequent attacks if protective measures are not implemented swiftly.
Affected Version(s)
Firefox 140.10
Firefox 150
Thunderbird 140.10