CVE-2026-6774
Mitigation Bypass in Firefox DOM Security Component
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0 (exc) |
| mozilla | thunderbird | to 150.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a mitigation bypass in the DOM (Document Object Model) security component of Firefox. It means that a security measure intended to protect the DOM was circumvented, potentially allowing unintended actions or access. The issue was fixed in Firefox version 150.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker to bypass security protections in the DOM, potentially leading to unauthorized access or manipulation of web content within Firefox. This could result in compromised user data or browser behavior.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 150 or later where the issue has been fixed.