Memory Safety Bugs in Mozilla's Firefox and Thunderbird Products
CVE-2026-6786

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6786?

Mozilla's Firefox and Thunderbird products have been found to contain memory safety vulnerabilities, specifically in versions ESR 140.9 and 149. These vulnerabilities exhibit signs of memory corruption, raising concerns regarding potential exploitation to execute arbitrary code. The issues were addressed in Firefox version 150 and Firefox ESR 140.10, emphasizing the importance of timely updates to safeguard user data and application integrity.

Affected Version(s)

Firefox 140.10

Firefox 150

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2010727%2...

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://www.mozilla.org/security/advisories/mfsa2026-32/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

Alex Franchuk, Andrew McCreight, Brian Grinstead, Christian Holler, Jan de Mooij, Maurice Dauer, Sebastian Hengst, Tom Schuster and the Mozilla Fuzzing Team

CVE-2026-6786 Data

JSON