CVE-2026-6746 – Mozilla Firefox v150
“A cluster of high-severity browser flaws increases the risk of compromise through everyday web activity.”
Mozilla has released a security patch for Firefox addressing 271 vulnerabilities impacting browser security and stability, including several high-severity flaws capable of remote code execution. The most critical vulnerabilities patched in this release are primarily memory corruption and use-after-free bugs.
CVE-2026-6746 and CVE-2026-6747 each have a CVSS score of 7.5, which is High severity. CVE-2026-6751, CVE-2026-6752, and CVE-2026-6753 each carry a CVSS score of 7.3, which is High severity. CVE-2026-6754 has a CVSS score of 7.5, which is High severity, while CVE-2026-6785 carries a CVSS score of 8.1, which is High severity. These vulnerabilities affect how the browser processes web content, creating multiple potential attack paths.
There is no confirmed active exploitation for these issues. However, given the browser’s constant exposure to untrusted web content, these high-severity vulnerabilities present a significant risk. Exploitation could occur through malicious websites, leading to unauthorized actions or system compromise.
Key Details
- Affected Product
- Mozilla Firefox
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-416