CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-6764 – Incorrect boundary conditions in the DOM: Device Interfaces component
https://notcve.org/view.php?id=CVE-2026-6764
21 Apr 2026 — Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=2022162 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-6763 – Mitigation bypass in the File Handling component
https://notcve.org/view.php?id=CVE-2026-6763
21 Apr 2026 — Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=2021666 • CWE-693: Protection Mechanism Failure •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2026-6762 – Spoofing issue in the DOM: Core & HTML component
https://notcve.org/view.php?id=CVE-2026-6762
21 Apr 2026 — Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=2021080 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2026-6761 – Privilege escalation in the Networking component
https://notcve.org/view.php?id=CVE-2026-6761
21 Apr 2026 — Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=2017857 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6760 – Mitigation bypass in the Networking: Cookies component
https://notcve.org/view.php?id=CVE-2026-6760
21 Apr 2026 — Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2016923 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-6759 – Use-after-free in the Widget: Cocoa component
https://notcve.org/view.php?id=CVE-2026-6759
21 Apr 2026 — Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=2016164 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6758 – Use-after-free in the JavaScript: WebAssembly component
https://notcve.org/view.php?id=CVE-2026-6758
21 Apr 2026 — Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2013619 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2026-6757 – Invalid pointer in the JavaScript: WebAssembly component
https://notcve.org/view.php?id=CVE-2026-6757
21 Apr 2026 — Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=2013588 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-6756 – Mitigation bypass in Firefox for Android
https://notcve.org/view.php?id=CVE-2026-6756
21 Apr 2026 — Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=1992585 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6755 – Mitigation bypass in the DOM: postMessage component
https://notcve.org/view.php?id=CVE-2026-6755
21 Apr 2026 — Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=1880429 • CWE-352: Cross-Site Request Forgery (CSRF) •