Skip to main content

Mozilla Firefox CVE-2026-6750

| EUVD-2026-24091 HIGH
Improper Privilege Management (CWE-269)
2026-04-21 mozilla GHSA-hqjc-gx24-xhpp
Privilege Escalation Red Hat Mozilla Suse
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

12
Patch released
Apr 29, 2026 - 02:30 nvd
Patch available
Severity Changed
Apr 22, 2026 - 16:22 NVD
HIGH CRITICAL
CVSS changed
Apr 22, 2026 - 16:22 NVD
8.8 (HIGH) 9.8 (CRITICAL)
Analysis Updated
Apr 22, 2026 - 00:41 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 21, 2026 - 21:22 vuln.today
cvss_changed
Severity Changed
Apr 21, 2026 - 21:22 NVD
MEDIUM HIGH
CVSS changed
Apr 21, 2026 - 21:22 NVD
5.3 (MEDIUM) 8.8 (HIGH)
Analysis Generated
Apr 21, 2026 - 18:24 vuln.today
CVSS changed
Apr 21, 2026 - 18:22 NVD
5.3 (MEDIUM)
EUVD ID Assigned
Apr 21, 2026 - 13:15 euvd
EUVD-2026-24091
Analysis Generated
Apr 21, 2026 - 13:15 vuln.today
CVE Published
Apr 21, 2026 - 12:40 nvd
HIGH 8.8

DescriptionNVD

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

AnalysisAI

Privilege escalation in Firefox WebRender allows remote attackers to gain elevated access through malicious web content requiring user interaction. Affects Firefox versions before 150, Firefox ESR before 115.35, and Firefox ESR before 140.10. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all Firefox deployments and document current versions across endpoints (target Firefox <150, ESR <115.35, ESR <140.10). Within 7 days: Deploy Firefox version 150 or later to all standard Firefox users; deploy Firefox ESR 115.35 or ESR 140.10 (or later) to all ESR-managed endpoints. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-44739 HIGH
8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
CVE-2026-9277 HIGH
8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
CVE-2026-9256 HIGH
8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Share

CVE-2026-6750 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy