CVE-2026-6785

high

Description

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

References

https://www.mozilla.org/security/advisories/mfsa2026-34/

https://www.mozilla.org/security/advisories/mfsa2026-33/

https://www.mozilla.org/security/advisories/mfsa2026-32/

https://www.mozilla.org/security/advisories/mfsa2026-31/

https://www.mozilla.org/security/advisories/mfsa2026-30/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6785.json

https://bugzilla.redhat.com/show_bug.cgi?id=2460104

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2C1999158%2C2015952%2C2021909%2C2022026%2C2022041%2C2022088%2C2022276%2C2022335%2C2022338%2C2022373%2C2022597%2C2022874%2C2023276%2C2023544%2C2023551%2C2023599%2C2023608%2C2023814%2C2024233%2C2024239%2C2024241%2C2024242%2C2024250%2C2024251%2C2024343%2C2024422%2C2024425%2C2024440%2C2024442%2C2024446%2C2024458%2C2024463%2C2024478%2C2024650%2C2024653%2C2024654%2C2024655%2C2024656%2C2024661%2C2024662%2C2024668%2C2024919%2C2025278%2C2025349%2C2025350%2C2025354%2C2025360%2C2025363%2C2025370%2C2025379%2C2025381%2C2025399%2C2025400%2C2025403%2C2025407%2C2025415%2C2025420%2C2025427%2C2025429%2C2025430%2C2025479%2C2025489%2C2025493%2C2025497%2C2025502%2C2025515%2C2025517%2C2025526%2C2025609%2C2025948%2C2025949%2C2025951%2C2025953%2C2025955%2C2025962%2C2025969%2C2025970%2C2025971%2C2025973%2C2025976%2C2025977%2C2026280%2C2026285%2C2026293%2C2026296%2C2026310%2C2027237%2C2027260%2C2027268%2C2027277%2C2027284%2C2027291%2C2027293%2C2027298%2C2027330%2C2027342%2C2027345%2C2027359%2C2027365%2C2027378%2C2027754%2C2027959%2C2027962%2C2027964%2C2027971%2C2027974%2C2027979%2C2027982%2C2027995%2C2028001%2C2028267%2C2028268%2C2028275%2C2028288%2C2028290%2C2028291%2C2028528%2C2028551%2C2028627%2C2028879%2C2028889%2C2029061%2C2029071%2C2029283%2C2029296%2C2029314%2C2029323%2C2029411%2C2029423%2C2029424%2C2029425%2C2029427%2C2029436%2C2029440%2C2029449%2C2029450%2C2029458%2C2029462%2C2029468%2C2029472%2C2029690%2C2029707%2C2029708%2C2029728%2C2029802%2C2029896%2C2029906%2C2030106%2C2030118%2C2030123%2C2030135%2C2030230%2C2030320

https://access.redhat.com/security/cve/CVE-2026-6785

https://access.redhat.com/errata/RHSA-2026:19704

https://access.redhat.com/errata/RHSA-2026:19655

https://access.redhat.com/errata/RHSA-2026:19542

https://access.redhat.com/errata/RHSA-2026:19469

https://access.redhat.com/errata/RHSA-2026:19468

https://access.redhat.com/errata/RHSA-2026:19467

https://access.redhat.com/errata/RHSA-2026:19466

https://access.redhat.com/errata/RHSA-2026:19465

https://access.redhat.com/errata/RHSA-2026:19464

https://access.redhat.com/errata/RHSA-2026:19463

https://access.redhat.com/errata/RHSA-2026:19462

https://access.redhat.com/errata/RHSA-2026:19461

https://access.redhat.com/errata/RHSA-2026:19348

https://access.redhat.com/errata/RHSA-2026:19201

https://access.redhat.com/errata/RHSA-2026:19131

https://access.redhat.com/errata/RHSA-2026:19041

https://access.redhat.com/errata/RHSA-2026:17690

https://access.redhat.com/errata/RHSA-2026:17689

https://access.redhat.com/errata/RHSA-2026:17688

https://access.redhat.com/errata/RHSA-2026:17687

https://access.redhat.com/errata/RHSA-2026:17477

https://access.redhat.com/errata/RHSA-2026:15892

https://access.redhat.com/errata/RHSA-2026:13537

https://access.redhat.com/errata/RHSA-2026:12285

https://access.redhat.com/errata/RHSA-2026:10767

https://access.redhat.com/errata/RHSA-2026:10766

https://access.redhat.com/errata/RHSA-2026:10757

Details

Source: Mitre, NVD

Published: 2026-04-26

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00055