Firefox CVE-2026-6751

| EUVD-2026-24092 HIGH
Use of Uninitialized Variable (CWE-457)
2026-04-21 mozilla GHSA-mwvh-c89q-73j6
Information Disclosure Mozilla
7.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Updated
Apr 22, 2026 - 00:41 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 22, 2026 - 00:22 vuln.today
cvss_changed
Analysis Generated
Apr 21, 2026 - 20:24 vuln.today
CVSS changed
Apr 21, 2026 - 20:22 NVD
7.3 (None) 7.3 (HIGH)

DescriptionNVD

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

AnalysisAI

Uninitialized memory access in Firefox's Web Codecs API enables remote attackers to disclose sensitive data, modify limited application state, and potentially trigger denial of service without authentication. The vulnerability affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: inventory all Firefox deployments and identify instances below version 150 (or ESR 140.10) using endpoint detection tools. Within 7 days: enforce automatic updates to Firefox 150+ or ESR 140.10+ via group policy or mobile device management; block older versions from accessing sensitive applications. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6751 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy