Memory Safety Vulnerabilities in Firefox and Thunderbird Products
CVE-2026-6784

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6784?

Firefox 149 and Thunderbird 149 contain memory safety bugs that potentially allow for memory corruption. If exploited, these vulnerabilities could lead to unauthorized execution of arbitrary code. Mozilla addressed these issues in the subsequent releases of Firefox 150 and Thunderbird 150, highlighting the importance of regular software updates.

Affected Version(s)

Firefox 150

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2...

https://www.mozilla.org/security/advisories/mfsa2026-30/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

Ben Visness, Brian Grinstead, Christian Holler, Dimi Lee, Jens Stutte, Jim Mathies, John Schanck, Jon Coppeard, Karl Tomlinson, Maurice Dauer, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team

CVE-2026-6784 Data

JSON