Is Firefox affected by CVE-2026-6784?

CVE-2026-6784 is a critical memory corruption vulnerability affecting Firefox 149 and Thunderbird 149 that enables remote code execution when users access malicious web content, potentially compromising endpoint security across the organization.

Firefox CVE-2026-6784

EUVD-2026-24125 HIGH

Out-of-bounds Read (CWE-125)

2026-04-21 mozilla

GHSA-fcrv-8vh3-4pg3

RCE Buffer Overflow Information Disclosure Mozilla

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 22, 2026 - 00:30 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 22, 2026 - 00:22 vuln.today

cvss_changed

Analysis Generated

Apr 21, 2026 - 16:30 vuln.today

CVSS changed

Apr 21, 2026 - 14:22 NVD

7.5 (HIGH)

DescriptionNVD

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.

AnalysisAI

Memory corruption in Firefox 149 and Thunderbird 149 enables remote code execution when users interact with malicious web content. Mozilla patched 55 distinct memory safety bugs in Firefox 150, some demonstrating memory corruption that could be weaponized for arbitrary code execution. …

RemediationAI

Within 24 hours: Audit all organizational Firefox 149 and Thunderbird 149 deployments and disable auto-update if present to prevent uncontrolled upgrades. Within 7 days: Distribute communication recommending users avoid untrusted websites and disable JavaScript as interim mitigation, and establish upgrade timeline to Firefox 150+ once Mozilla releases the patch. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6784 vulnerability details – vuln.today

Back

Firefox CVE-2026-6784

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code