CVE-2026-6750
Privilege Escalation in Firefox WebRender Component
Publication date: 2026-04-21
Last updated on: 2026-04-24
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0 (exc) |
| mozilla | firefox | to 115.35.0 (exc) |
| mozilla | firefox | From 140.0 (inc) to 140.10.0 (exc) |
| mozilla | thunderbird | to 140.10.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a privilege escalation issue found in the Graphics: WebRender component of Mozilla Firefox. Privilege escalation means that an attacker could gain higher-level permissions than intended, potentially allowing them to execute unauthorized actions within the affected software.
The issue was addressed and fixed in Firefox version 150, Firefox ESR 115.35, and Firefox ESR 140.10.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker to escalate their privileges within the Firefox browser environment. This could lead to unauthorized actions such as executing code with higher permissions, potentially compromising the security and integrity of the user's system or data accessed through the browser.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this privilege escalation vulnerability in the Graphics: WebRender component, update your Firefox browsers to version 150 or later, or Firefox ESR to versions 115.35 or 140.10 or later.