CVE-2026-6785
high
CVSS v3
7.5
CVSS v4 NEW
โ
VIR risk
7.5
Description
Important: firefox security update
Predictions
Exploit likelihood
83%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| debian | sid | fixed | 150.0-1 |
| debian | bookworm | fixed | 140.10.0esr-1~deb12u1 |
| debian | bullseye | fixed | 140.10.0esr-1~deb11u1 |
| debian | forky | fixed | 140.10.0esr-1 |
| debian | trixie | fixed | 140.10.0esr-1~deb13u1 |
| rocky | 9 | fixed | |
| almalinux | 8 | fixed | firefox-140.10.0-1.el8_10.alma.1.x86_64.rpm |
| almalinux | 9 | fixed | firefox-x11-140.10.0-1.el9_7.alma.1.x86_64.rpm |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | {"endExcluding":"115.35.0"} | 115.35.0 |
| mozilla | thunderbird | {"startIncluding":"140.0","endExcluding":"140.10.0"} | 140.10.0 |
References
- https://access.redhat.com/errata/RHSA-2026:10757
- https://access.redhat.com/errata/RHSA-2026:15892
- https://access.redhat.com/errata/RHSA-2026:19201
- https://access.redhat.com/errata/RHSA-2026:19348
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2C1999158%2C2015952%2C2021909%2C2022026%2C2022041%2C2022088%2C2022276%2C2022335%2C2022338%2C2022373%2C2022597%2C2022874%2C2023276%2C2023544%2C2023551%2C2023599%2C2023608%2C2023814%2C2024233%2C2024239%2C2024241%2C2024242%2C2024250%2C2024251%2C2024343%2C2024422%2C2024425%2C2024440%2C2024442%2C2024446%2C2024458%2C2024463%2C2024478%2C2024650%2C2024653%2C2024654%2C2024655%2C2024656%2C2024661%2C2024662%2C2024668%2C2024919%2C2025278%2C2025349%2C2025350%2C2025354%2C2025360%2C2025363%2C2025370%2C2025379%2C2025381%2C2025399%2C2025400%2C2025403%2C2025407%2C2025415%2C2025420%2C2025427%2C2025429%2C2025430%2C2025479%2C2025489%2C2025493%2C2025497%2C2025502%2C2025515%2C2025517%2C2025526%2C2025609%2C2025948%2C2025949%2C2025951%2C2025953%2C2025955%2C2025962%2C2025969%2C2025970%2C2025971%2C2025973%2C2025976%2C2025977%2C2026280%2C2026285%2C2026293%2C2026296%2C2026310%2C2027237%2C2027260%2C2027268%2C2027277%2C2027284%2C2027291%2C2027293%2C2027298%2C2027330%2C2027342%2C2027345%2C2027359%2C2027365%2C2027378%2C2027754%2C2027959%2C2027962%2C2027964%2C2027971%2C2027974%2C2027979%2C2027982%2C2027995%2C2028001%2C2028267%2C2028268%2C2028275%2C2028288%2C2028290%2C2028291%2C2028528%2C2028551%2C2028627%2C2028879%2C2028889%2C2029061%2C2029071%2C2029283%2C2029296%2C2029314%2C2029323%2C2029411%2C2029423%2C2029424%2C2029425%2C2029427%2C2029436%2C2029440%2C2029449%2C2029450%2C2029458%2C2029462%2C2029468%2C2029472%2C2029690%2C2029707%2C2029708%2C2029728%2C2029802%2C2029896%2C2029906%2C2030106%2C2030118%2C2030123%2C2030135%2C2030230%2C2030320
- https://www.mozilla.org/security/advisories/mfsa2026-30/
- https://www.mozilla.org/security/advisories/mfsa2026-31/
- https://www.mozilla.org/security/advisories/mfsa2026-32/
- https://www.mozilla.org/security/advisories/mfsa2026-33/
- https://www.mozilla.org/security/advisories/mfsa2026-34/
- https://security-tracker.debian.org/tracker/CVE-2026-6785
- https://access.redhat.com/errata/RHSA-2026:10766
- https://bugzilla.redhat.com/2460074
- https://bugzilla.redhat.com/2460075
- https://bugzilla.redhat.com/2460076
- https://bugzilla.redhat.com/2460078
- https://bugzilla.redhat.com/2460079
- https://bugzilla.redhat.com/2460085
- https://bugzilla.redhat.com/2460086
- https://bugzilla.redhat.com/2460088
- https://bugzilla.redhat.com/2460092
- https://bugzilla.redhat.com/2460094
- https://bugzilla.redhat.com/2460095
- https://bugzilla.redhat.com/2460096
- https://bugzilla.redhat.com/2460097
CWEs
CWE-125 CWE-416 CWE-787
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.