CVE-2026-6753
Description
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Incorrect boundary conditions in Mozilla's WebRTC component could allow an attacker to trigger memory corruption, leading to potential arbitrary code execution.
CVE-2026-6753 is a high-severity vulnerability in the WebRTC component of Mozilla Firefox and Thunderbird. The issue stems from incorrect boundary conditions, which can lead to memory corruption when processing specially crafted WebRTC data [1][2].
An attacker could exploit this vulnerability by enticing a user to visit a malicious website or by injecting crafted WebRTC traffic. In Thunderbird, scripting is disabled by default when reading email, so exploitation through email is unlikely, but it remains a risk in browser-like contexts [1][3].
Successful exploitation could allow an attacker to corrupt memory, potentially leading to arbitrary code execution or a denial of service. The CVSS v3 score is 7.3, indicating high severity.
Mozilla has addressed this vulnerability in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. Users are advised to update their software to the latest versions [2][4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* (range: <150.0)
- cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* (range: <140.10.0)
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* (range: >=140.0,<140.10.0)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.mozilla.org/security/advisories/mfsa2026-30/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2026-32/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2026-33/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2026-34/ (nvd, Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd, Permissions Required)
News mentions
No linked articles in our index yet.