PatchSiren cyber security CVE debrief
CVE-2026-6751 Mozilla CVE debrief
CVE-2026-6751 is a HIGH severity vulnerability in the Audio/Video: Web Codecs component of Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR. The vulnerability was publicly disclosed on April 21, 2026, and has a CVSS score of 7.3. The issue was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. The vulnerability involves uninitialized memory that could potentially be exploited. Users should update the affected products to the latest versions to mitigate this vulnerability.
- Vendor: Mozilla
- Product: Firefox
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-21
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-21
- Advisory updated: 2026-06-30
Who should care
This vulnerability affects users of Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR. Specifically, users of Firefox versions prior to 150, Firefox ESR versions prior to 140.10, Thunderbird versions prior to 150, and Thunderbird ESR versions prior to 140.10 are at risk. Organizations and individuals using these products should prioritize updating to the latest versions to prevent potential exploitation.
Technical summary
The vulnerability, CVE-2026-6751, is related to uninitialized memory in the Audio/Video: Web Codecs component. This issue has been fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. The CVSS score for this vulnerability is 7.3, indicating a HIGH severity level. The vulnerability's vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. CWE-457 and CWE-824 are associated with this vulnerability.
Defensive priority
High priority should be given to updating Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR to the latest versions. Organizations should ensure that their inventory of installed software is up-to-date and that compensating controls are in place until updates can be applied.
Recommended defensive actions
- Update Firefox to version 150 or later
- Update Firefox ESR to version 140.10 or later
- Update Thunderbird to version 150 or later
- Update Thunderbird ESR to version 140.10 or later
- Verify that all installed software is up-to-date
- Monitor for any suspicious activity related to this vulnerability
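To support the inventory check in the actions above, the following is an added example (not part of the original advisory or any vendor tooling) that flags hosts still below the fixed versions listed on this page. The inventory rows, host names, and the accepted version-string shapes (`150.0.1`, `140.9.1esr`, `150.0b3`) are constructed assumptions; it also assumes any build numbered 140.10 or higher on the 140 branch is the ESR line.

```python
import re

# Fixed versions stated on this page for CVE-2026-6751.
RELEASE_FIX = (150,)      # Firefox 150 / Thunderbird 150
ESR_FIX = (140, 10)       # Firefox ESR 140.10 / Thunderbird 140.10
AFFECTED_PRODUCTS = ("firefox", "thunderbird")
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)([ab]\d+)?(esr)?")

def parse_version(text):
    """Return (numeric tuple, is_prerelease) for e.g. '140.9.1esr' or '150.0b3'."""
    m = _VERSION_RE.fullmatch(text.strip().lower())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None

def _meets(nums, floor, strict):
    # Pad with zeros so (150,) and (150, 0, 0) compare as equal.
    width = max(len(nums), len(floor))
    a = nums + (0,) * (width - len(nums))
    b = floor + (0,) * (width - len(floor))
    return a > b if strict else a >= b

def is_patched(version):
    """True if the version is at or above the fix for its branch.
    A pre-release (alpha/beta) of the fixed number is treated as unpatched."""
    nums, prerelease = parse_version(version)
    floor = ESR_FIX if nums[0] == ESR_FIX[0] else RELEASE_FIX
    return _meets(nums, floor, strict=prerelease)

def hosts_needing_update(inventory):
    """inventory: iterable of (host, product, version) rows."""
    findings = []
    for host, product, version in inventory:
        if not product.lower().startswith(AFFECTED_PRODUCTS):
            continue  # product not covered by this CVE
        try:
            patched = is_patched(version)
        except ValueError:
            patched = False  # unparseable version: flag for manual review
        if not patched:
            findings.append((host, product, version))
    return findings

# Constructed sample inventory, for illustration only.
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "149.0.2"), ("ws-02", "Firefox", "150.0"),
    ("ws-03", "Firefox ESR", "140.9.1esr"), ("ws-04", "Firefox ESR", "140.10.0esr"),
    ("ws-05", "Thunderbird", "140.10.0esr"), ("ws-06", "Firefox", "150.0b3"),
    ("ws-07", "Firefox ESR", "115.30.0esr"), ("ws-08", "LibreOffice", "7.6.4"),
    ("ws-09", "Thunderbird", "unknown"),
]
```

Calling `hosts_needing_update(SAMPLE_INVENTORY)` returns the rows to remediate; unparseable versions are reported rather than silently skipped.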
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. The source item URL provides additional details on the vulnerability. Vendor advisories are available from Mozilla, and Red Hat has also provided errata related to this vulnerability.
Official resources
- CVE-2026-6751 CVE record (CVE.org)
- CVE-2026-6751 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: [email protected] - Permissions Required
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.