CVE-2026-6776Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-131Incorrect Calculation of Buffer Size8 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedApr 21

Description

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Mozillamozilla/firefox< Firefox 150
Mozillamozilla/firefox_esr< Firefox ESR 140.10
Mozillamozilla/thunderbird< Thunderbird 140.10+1

🔴Vulnerability Details

1
GHSA
GHSA-cr7m-q2pr-wwq7: Incorrect boundary conditions in the WebRTC: Networking component2026-04-21

📋Vendor Advisories

5
Red Hat
firefox: Incorrect boundary conditions in the WebRTC: Networking component2026-04-21
Mozilla
Mozilla Foundation Security Advisory 2026-30: CVE-2026-6776
Mozilla
Mozilla Foundation Security Advisory 2026-34: CVE-2026-6776
Mozilla
Mozilla Foundation Security Advisory 2026-32: CVE-2026-6776
Mozilla
Mozilla Foundation Security Advisory 2026-33: CVE-2026-6776

💬Community

1
Bugzilla
CVE-2026-6776 firefox: Incorrect boundary conditions in the WebRTC: Networking component2026-04-21
CVE-2026-6776 — Mozilla Firefox vulnerability | cvebase