CVE-2026-6757
Invalid Pointer Vulnerability in Firefox WebAssembly Component
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0 (exc) |
| mozilla | firefox | to 140.10.0 (exc) |
| mozilla | thunderbird | From 140.0 (inc) to 140.10.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an invalid pointer in the JavaScript WebAssembly component of Mozilla Firefox. It means that there is a flaw in how the browser handles pointers within WebAssembly code, which could potentially lead to unexpected behavior or security issues. The vulnerability was addressed and fixed in Firefox version 150 and Firefox ESR 140.10.
How can this vulnerability impact me? :
Exploitation of this vulnerability could lead to security risks such as crashes, memory corruption, or potentially arbitrary code execution when processing WebAssembly content in the browser. This could compromise the security and stability of the affected Firefox browser versions before the fix.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 150 or later, or Firefox ESR to version 140.10 or later, where the issue has been fixed.