CVE-2026-6773
Integer Overflow in Firefox WebGPU Causes Denial of Service
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0 (exc) |
| mozilla | thunderbird | to 150.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service issue caused by an integer overflow in the Graphics: WebGPU component of Firefox.
An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside the range that can be represented with a given number of bits, potentially leading to unexpected behavior.
In this case, the overflow can be exploited to cause the application to crash or become unresponsive, resulting in a denial-of-service condition.
This vulnerability was fixed in Firefox version 150.
How can this vulnerability impact me? :
This vulnerability can impact you by causing Firefox to crash or become unresponsive when processing certain WebGPU graphics operations.
Such denial-of-service conditions can disrupt normal use of the browser, potentially leading to loss of data or interruption of services that rely on the browser.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 150 or later where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a denial-of-service due to an integer overflow in the Graphics: WebGPU component of Firefox. It impacts availability (as indicated by the CVSS score) but does not affect confidentiality or integrity.
Since this vulnerability does not involve unauthorized access to or disclosure of personal data, it is unlikely to directly impact compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on confidentiality and integrity of sensitive data.
However, denial-of-service issues can affect system availability, which may be a consideration under some regulatory frameworks that require maintaining service availability.