Mozilla Firefox CVE-2026-6749

| EUVD-2026-24090 HIGH
Use of Uninitialized Resource (CWE-908)
2026-04-21 mozilla GHSA-7gp8-9grp-c69x
Information Disclosure Mozilla
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Updated
Apr 22, 2026 - 00:43 vuln.today
v3 (cvss_changed)
Analysis Updated
Apr 22, 2026 - 00:42 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 22, 2026 - 00:22 vuln.today
cvss_changed
Analysis Generated
Apr 21, 2026 - 18:22 vuln.today
CVSS changed
Apr 21, 2026 - 18:22 NVD
7.5 (HIGH)

DescriptionNVD

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

AnalysisAI

Uninitialized memory in Firefox's Canvas2D graphics component allows remote attackers to disclose sensitive information from browser memory without authentication. Affects Firefox versions prior to 150, ESR prior to 115.35, and ESR prior to 140.10. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: inventory all Firefox and ESR installations across the organization and identify affected versions (Firefox <150, ESR <115.35, ESR <140.10). Within 7 days: deploy Firefox 150 or later, ESR 115.35 or later, or ESR 140.10 or later across all endpoints. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6749 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy