Invalid Pointer Vulnerability in Firefox’s Audio/Video Playback Component
CVE-2026-6778

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6778?

An invalid pointer dereference has been identified in Firefox's Audio/Video playback component, posing significant implications for user security. This flaw can be exploited by attackers to manipulate media playback functionality, potentially leading to crashes and unauthorized access to sensitive data. Mozilla has addressed this issue in Firefox version 150, urging users to update promptly to ensure protection against possible exploits.

Affected Version(s)

Firefox 150

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2022746

https://www.mozilla.org/security/advisories/mfsa2026-30/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

chanhokim

CVE-2026-6778 Data

JSON