Mozilla Firefox vulnerabilities

CVE-2026-22020 [HIGH] CWE-787 openjdk: libpng: OpenJDK: Update LibPNG (Oracle CPU 2026-04) openjdk: libpng: OpenJDK: Update LibPNG (Oracle CPU 2026-04) No description is available for this CVE. Package: java-11-openjdk (Red Hat build of OpenJDK 11 ELS) - Affected Package: java-11-openjdk-portable (Red Hat build of OpenJDK 11 ELS) - Affected Package: java-11-openjdk-windows (Red Hat build of OpenJDK 11 ELS) - Affected Package: java-17-openjdk-portable (Red Hat build of OpenJDK 17) - Affected

CVE-2026-6776 [HIGH] CWE-119 CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in F Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6780 [HIGH] CWE-400 CVE-2026-6780: Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15 Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

CVE-2026-6754 [HIGH] CWE-416 CVE-2026-6754: Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Fire Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6750 [HIGH] CWE-269 CVE-2026-6750: Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 1 Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6769 [HIGH] CWE-269 CVE-2026-6769: Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6758 [HIGH] CWE-416 CVE-2026-6758: Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

CVE-2026-6772 [HIGH] CWE-754 CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6747 [HIGH] CWE-416 CVE-2026-6747: Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140 Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6759 [HIGH] CWE-416 CVE-2026-6759: Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6782 [HIGH] CWE-200 CVE-2026-6782: Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 a Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

CVE-2026-6756 [HIGH] CWE-200 CVE-2026-6756: Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.

CVE-2026-6770 [MEDIUM] CWE-200 CVE-2026-6770: Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefo Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6757 [MEDIUM] CWE-824 CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 15 Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6762 [MEDIUM] CWE-290 CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6778 [MEDIUM] CWE-476 CVE-2026-6778: Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

CVE-2026-6755 [MEDIUM] CWE-352 CVE-2026-6755: Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

CVE-2026-6775 [MEDIUM] CWE-119 CVE-2026-6775: Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 a Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

CVE-2026-6767 [MEDIUM] CWE-119 CVE-2026-6767: Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVE-2026-6763 [MEDIUM] CWE-693 CVE-2026-6763: Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firef Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.