Skip to main content

Firefox CVE-2026-6769

| EUVD-2026-24110 HIGH
Improper Privilege Management (CWE-269)
2026-04-21 mozilla GHSA-35h9-jh69-pc24
Privilege Escalation Red Hat Mozilla Suse
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

10
Patch released
Apr 29, 2026 - 02:30 nvd
Patch available
Analysis Updated
Apr 22, 2026 - 00:35 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 21, 2026 - 21:22 vuln.today
cvss_changed
Severity Changed
Apr 21, 2026 - 21:22 NVD
MEDIUM HIGH
CVSS changed
Apr 21, 2026 - 21:22 NVD
6.5 (MEDIUM) 8.8 (HIGH)
Analysis Generated
Apr 21, 2026 - 18:24 vuln.today
CVSS changed
Apr 21, 2026 - 18:22 NVD
6.5 (MEDIUM)
EUVD ID Assigned
Apr 21, 2026 - 13:15 euvd
EUVD-2026-24110
Analysis Generated
Apr 21, 2026 - 13:15 vuln.today
CVE Published
Apr 21, 2026 - 12:41 nvd
HIGH 8.8

DescriptionNVD

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

AnalysisAI

Privilege escalation in Firefox's Debugger component allows remote attackers to gain elevated system privileges after user interaction with a malicious site. Affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all Firefox installations across the organization and identify versions prior to 150 (standard branch) and 140.10 (ESR branch). Within 7 days: Deploy Firefox 150 or Firefox ESR 140.10 via your endpoint management system to all affected systems; coordinate with development teams on any ESR pinning requirements. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-44739 HIGH
8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
CVE-2026-9277 HIGH
8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
CVE-2026-9256 HIGH
8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Share

CVE-2026-6769 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy