CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6784 – Memory safety bugs fixed in Firefox 150 and Thunderbird 150
https://notcve.org/view.php?id=CVE-2026-6784
21 Apr 2026 — Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C2024369%2C2024424%2C2024760%2C2025281%2C2025361%2C2025387%2C2025466%2C2025954%2C2025958%2C2026278%2C2026292%2C2026297%2C2026378%2C2027148%2C2027287%2C2027341%2C2027384%2C2027427%2C2027694%2C2027993%2C2028009%2C2028270%2C2028416%2C2028524%2C2029295%2C2029301%2C2029461%2C2029699%2C2029800%2C2029801 • CWE-125: Out-of-bounds Read CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6783 – Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component
https://notcve.org/view.php?id=CVE-2026-6783
21 Apr 2026 — Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2027564 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6782 – Information disclosure in the IP Protection component
https://notcve.org/view.php?id=CVE-2026-6782
21 Apr 2026 — Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2026571 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6781 – Denial-of-service in the Audio/Video: Playback component
https://notcve.org/view.php?id=CVE-2026-6781
21 Apr 2026 — Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2025583 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6780 – Denial-of-service in the Audio/Video: Playback component
https://notcve.org/view.php?id=CVE-2026-6780
21 Apr 2026 — Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2025179 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6779 – Other issue in the JavaScript Engine component
https://notcve.org/view.php?id=CVE-2026-6779
21 Apr 2026 — Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2023343 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6778 – Invalid pointer in the Audio/Video: Playback component
https://notcve.org/view.php?id=CVE-2026-6778
21 Apr 2026 — Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2022746 • CWE-476: NULL Pointer Dereference CWE-824: Access of Uninitialized Pointer •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6777 – Other issue in the Networking: DNS component
https://notcve.org/view.php?id=CVE-2026-6777
21 Apr 2026 — Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2022726 • CWE-20: Improper Input Validation CWE-352: Cross-Site Request Forgery (CSRF) CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2026-6776 – Incorrect boundary conditions in the WebRTC: Networking component
https://notcve.org/view.php?id=CVE-2026-6776
21 Apr 2026 — Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=2021770 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-6775 – Incorrect boundary conditions in the WebRTC component
https://notcve.org/view.php?id=CVE-2026-6775
21 Apr 2026 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. • https://bugzilla.mozilla.org/show_bug.cgi?id=2021768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •