Firefox CVE-2026-6752

| EUVD-2026-24093 HIGH
Buffer Overflow (CWE-119)
2026-04-21 mozilla GHSA-5wvf-8jjj-7w99
Buffer Overflow Mozilla
7.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Updated
Apr 22, 2026 - 00:40 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 22, 2026 - 00:22 vuln.today
cvss_changed
Analysis Generated
Apr 21, 2026 - 20:24 vuln.today
CVSS changed
Apr 21, 2026 - 20:22 NVD
7.3 (None) 7.3 (HIGH)

DescriptionNVD

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

AnalysisAI

Remote code execution or information disclosure in Mozilla Firefox's WebRTC component allows network-based attackers to trigger memory corruption through incorrect boundary checks (CWE-119 buffer overflow class). All Firefox versions prior to 150, ESR versions prior to 115.35, and ESR versions prior to 140.10 are vulnerable. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all Firefox deployments and identify machines running versions prior to 150 (standard) and 115.35 or 140.10 (ESR). Within 7 days: Deploy Firefox 150 or latest available patch version to all standard Firefox installations; deploy ESR 115.35 or ESR 140.10 or later to all ESR deployments. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6752 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy