Memory Safety Bugs in Firefox and Thunderbird by Mozilla
CVE-2026-6785

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6785?

Mozilla has addressed memory safety bugs that were present in several versions of its Firefox and Thunderbird applications, which potentially allowed for memory corruption. These vulnerabilities have been patched in Firefox 150, Firefox ESR versions 115.35 and 140.10. Users are advised to upgrade to these releases to mitigate any risk of potential exploitation.

Affected Version(s)

Firefox 115.35

Firefox 140.10

Firefox 150

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2...

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://www.mozilla.org/security/advisories/mfsa2026-31/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

Andrew McCreight, Ashley Zebrowski, Brian Grinstead, Christian Holler, Maurice Dauer, Tom Schuster and the Mozilla Fuzzing Team

CVE-2026-6785 Data

JSON