CVE-2026-6749
published 2026-04-21CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | steveiliop56_tinyauth | >= 0 < 1.0.1-20260311144920-9eb2d33064b7 | 1.0.1-20260311144920-9eb2d33064b7 |
| mozilla | firefox | < Firefox 150 | Firefox 150 |
| mozilla | firefox | < 115.35.0 | 115.35.0 |
| mozilla | firefox | < 150.0 | 150.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 140.0 < 140.10.0 | 140.10.0 |
| mozilla | firefox_esr | < Firefox ESR 115.35 | Firefox ESR 115.35 |
| mozilla | firefox_esr | < Firefox ESR 140.10 | Firefox ESR 140.10 |
| mozilla | thunderbird | < Thunderbird 140.10 | Thunderbird 140.10 |
| mozilla | thunderbird | < Thunderbird 150 | Thunderbird 150 |
| mozilla | thunderbird | < 140.10.0 | 140.10.0 |
| rhel10 | firefox-flatpak | — | — |