Mozilla Firefox CVE-2026-6777

EUVD-2026-24118 MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2026-04-21 mozilla

GHSA-q3c8-p5vp-wr87

CSRF Mozilla

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Apr 21, 2026 - 18:25 vuln.today

CVSS changed

Apr 21, 2026 - 18:22 NVD

5.3 (None) 5.3 (MEDIUM)

DescriptionNVD

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150.

AnalysisAI

Denial of service in Firefox DNS networking component allows unauthenticated remote attackers to cause partial availability impact through crafted network requests. The vulnerability, classified as a cross-site request forgery (CSRF) issue within DNS handling, affects Firefox versions prior to 150 and has been patched by Mozilla.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6777 vulnerability details – vuln.today

Back

Mozilla Firefox CVE-2026-6777

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code