CVE-2026-6762 — UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021 — UI Misrepresentation / Clickjacking CWE-290 — Authentication Bypass by Spoofing9 documents5 sources

Severity

6.1MEDIUM

No vector

EPSS

0.0%

top 86.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedApr 21

Description

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Affected Packages3 packages

▶Mozillamozilla/firefox< Firefox 150

▶Mozillamozilla/firefox_esr< Firefox ESR 115.35+1

▶Mozillamozilla/thunderbird< Thunderbird 140.10+1

🔴Vulnerability Details

GHSA

GHSA-h3rr-2q6v-g8rc: Spoofing issue in the DOM: Core & HTML component↗2026-04-21

▶

📋Vendor Advisories

Red Hat

firefox: Spoofing issue in the DOM: Core & HTML component↗2026-04-21

▶

Mozilla

Mozilla Foundation Security Advisory 2026-31: CVE-2026-6762↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-34: CVE-2026-6762↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-32: CVE-2026-6762↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-30: CVE-2026-6762↗

▶

💬Community

Bugzilla

CVE-2026-6762 firefox: Spoofing issue in the DOM: Core & HTML component↗2026-04-21

▶