CVE-2026-6775
Description
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Incorrect boundary conditions in Firefox and Thunderbird's WebRTC component could lead to memory corruption, fixed in version 150.
CVE-2026-6775 is an incorrect boundary condition vulnerability in the WebRTC component of Firefox and Thunderbird. This memory safety issue arises from improper handling of data boundaries, potentially allowing an attacker to trigger memory corruption [1][2].
Exploitation requires a user to visit a malicious webpage or interact with crafted WebRTC content. In Thunderbird, scripting is disabled by default in email, reducing the attack surface, but in Firefox or browser-like contexts, the vulnerability is exploitable without additional privileges [1].
An attacker could exploit this to achieve high-severity impacts such as arbitrary code execution or denial of service, though the exact impact is not detailed. The vulnerability is rated high severity by Mozilla [1][2].
Mozilla has fixed this vulnerability in Firefox 150 and Thunderbird 150. Users are advised to update to these versions or later [1][2].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*range: <150.0
- (no CPE)range: <150
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.mozilla.org/security/advisories/mfsa2026-30/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2026-33/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPermissions Required
News mentions
0No linked articles in our index yet.