CVE-2026-6786
high
CVSS v3
7.5
CVSS v4 NEW
โ
VIR risk
7.5
Description
Important: firefox security update
Predictions
Exploit likelihood
83%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| debian | sid | fixed | 150.0-1 |
| debian | bookworm | fixed | 140.10.0esr-1~deb12u1 |
| debian | bullseye | fixed | 140.10.0esr-1~deb11u1 |
| debian | forky | fixed | 140.10.0esr-1 |
| debian | trixie | fixed | 140.10.0esr-1~deb13u1 |
| rocky | 9 | fixed | |
| almalinux | 8 | fixed | firefox-140.10.0-1.el8_10.alma.1.x86_64.rpm |
| almalinux | 9 | fixed | firefox-x11-140.10.0-1.el9_7.alma.1.x86_64.rpm |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | {"endExcluding":"150.0"} | 150.0 |
| mozilla | thunderbird | {"startIncluding":"140.0","endExcluding":"140.10.0"} | 140.10.0 |
References
- https://access.redhat.com/errata/RHSA-2026:10757
- https://access.redhat.com/errata/RHSA-2026:15892
- https://access.redhat.com/errata/RHSA-2026:19201
- https://access.redhat.com/errata/RHSA-2026:19348
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2010727%2C2019004%2C2019224%2C2019547%2C2020378%2C2022381%2C2022608%2C2022785%2C2023120%2C2023128%2C2023140%2C2023279%2C2023836%2C2023882%2C2023925%2C2023950%2C2023959%2C2023965%2C2024243%2C2024245%2C2024247%2C2024253%2C2024346%2C2024357%2C2024416%2C2024420%2C2024429%2C2024432%2C2024455%2C2024466%2C2024468%2C2024476%2C2024664%2C2024666%2C2024669%2C2024670%2C2024671%2C2024761%2C2024918%2C2025292%2C2025332%2C2025348%2C2025384%2C2025395%2C2025458%2C2025461%2C2025463%2C2025481%2C2025483%2C2025485%2C2025494%2C2025506%2C2025511%2C2025513%2C2025520%2C2026277%2C2026282%2C2026288%2C2026289%2C2026311%2C2026312%2C2026869%2C2027152%2C2027161%2C2027238%2C2027261%2C2027269%2C2027274%2C2027280%2C2027281%2C2027300%2C2027302%2C2027331%2C2027339%2C2027340%2C2027738%2C2027975%2C2028000%2C2028011%2C2028289%2C2028525%2C2028728%2C2028887%2C2028888%2C2028896%2C2029063%2C2029064%2C2029290%2C2029291%2C2029294%2C2029300%2C2029304%2C2029316%2C2029317%2C2029401%2C2029415%2C2029430%2C2029457%2C2029727%2C2029735%2C2029743%2C2029752%2C2029754%2C2029776%2C2029809%2C2030324%2C2030370
- https://www.mozilla.org/security/advisories/mfsa2026-30/
- https://www.mozilla.org/security/advisories/mfsa2026-32/
- https://www.mozilla.org/security/advisories/mfsa2026-33/
- https://www.mozilla.org/security/advisories/mfsa2026-34/
- https://security-tracker.debian.org/tracker/CVE-2026-6786
- https://access.redhat.com/errata/RHSA-2026:10766
- https://bugzilla.redhat.com/2460074
- https://bugzilla.redhat.com/2460075
- https://bugzilla.redhat.com/2460076
- https://bugzilla.redhat.com/2460078
- https://bugzilla.redhat.com/2460079
- https://bugzilla.redhat.com/2460085
- https://bugzilla.redhat.com/2460086
- https://bugzilla.redhat.com/2460088
- https://bugzilla.redhat.com/2460092
- https://bugzilla.redhat.com/2460094
- https://bugzilla.redhat.com/2460095
- https://bugzilla.redhat.com/2460096
- https://bugzilla.redhat.com/2460097
- https://bugzilla.redhat.com/2460099
CWEs
CWE-125 CWE-416 CWE-787
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.