PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-6751 Mozilla CVE debrief

CVE-2026-6751 is a HIGH severity vulnerability (CVSS 7.3) in the Audio/Video: Web Codecs component of Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR. It is an uninitialized-memory issue and was publicly disclosed on April 21, 2026. It is fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. Users should update to the latest versions to mitigate this vulnerability.

Vendor: Mozilla
Product: Firefox
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-21
Original CVE updated: 2026-06-30
Advisory published: 2026-04-21
Advisory updated: 2026-06-30

Who should care

This vulnerability affects users of Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR. Specifically, users of Firefox versions prior to 150, Firefox ESR versions prior to 140.10, Thunderbird versions prior to 150, and Thunderbird ESR versions prior to 140.10 are at risk. Organizations and individuals using these products should prioritize updating to the latest versions to prevent potential exploitation.

Technical summary

CVE-2026-6751 is an uninitialized-memory issue in the Audio/Video: Web Codecs component. It has been fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. The CVSS score is 7.3, indicating a HIGH severity level. The vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L: reachable over the network, low attack complexity, no privileges or user interaction required, and low impact on each of confidentiality, integrity, and availability. The associated weaknesses are CWE-457 (Use of Uninitialized Variable) and CWE-824 (Access of Uninitialized Pointer).

Defensive priority

High priority should be given to updating Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR to the latest versions. Organizations should ensure that their inventory of installed software is up-to-date and that compensating controls are in place until updates can be applied.

Recommended defensive actions

  • Update Firefox to version 150 or later
  • Update Firefox ESR to version 140.10 or later
  • Update Thunderbird to version 150 or later
  • Update Thunderbird ESR to version 140.10 or later
  • Verify that all installed software is up-to-date
  • Monitor for any suspicious activity related to this vulnerability
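
One way to check a software inventory against the fixed versions listed above, as an added example (not PatchSiren or Mozilla code). The record layout, function names and sample hosts are assumptions constructed for illustration.

```python
import re

# First fixed version per (product, channel), taken from this debrief.
FIXED = {
    ("firefox", "release"): (150, 0),
    ("firefox", "esr"): (140, 10),
    ("thunderbird", "release"): (150, 0),
    ("thunderbird", "esr"): (140, 10),
}

# Accepts "150", "149.0.2", "140.10.0esr"; rejects betas such as "150.0b3".
VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$", re.I)


def classify(product, version, channel=None):
    """Return 'fixed', 'vulnerable' or 'unknown' for one inventory record."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # pre-release or malformed string: review by hand
    # An explicit channel field wins; otherwise trust the "esr" suffix.
    # A suffix-stripped ESR build with no channel is judged as release,
    # which errs toward flagging it rather than missing it.
    chan = (channel or ("esr" if m.group(4) else "release")).lower()
    fixed = FIXED.get((product.strip().lower(), chan))
    if fixed is None:
        return "unknown"  # product not covered by this advisory
    # Compare as integer tuples so that 140.9 sorts below 140.10.
    have = (int(m.group(1)), int(m.group(2) or 0))
    return "fixed" if have >= fixed else "vulnerable"


# Constructed sample records: (host, product, version, channel or None).
SAMPLE_INVENTORY = [
    ("ws-001", "Firefox", "149.0.2", None),
    ("ws-002", "Firefox", "150.0", None),
    ("ws-003", "Firefox", "140.9.1esr", None),
    ("ws-004", "Thunderbird", "140.10.0", "esr"),
    ("ws-005", "Firefox", "150.0b3", None),
]


def needs_action(inventory):
    """Records not confirmed fixed, each with its classification appended."""
    rows = [(h, p, v, classify(p, v, c)) for h, p, v, c in inventory]
    return [r for r in rows if r[3] != "fixed"]


if __name__ == "__main__":
    for host, product, version, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> {status}")
```
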

Evidence notes

The CVE record and NVD detail provide information on the vulnerability. The source item URL provides additional details on the vulnerability. Vendor advisories are available from Mozilla, and Red Hat has also provided errata related to this vulnerability.

Official resources

This article was generated with AI assistance based on the supplied source corpus.