CVE-2026-6777
DNS Vulnerability in Firefox 150 Networking Component Fixed
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0 (exc) |
| mozilla | thunderbird | to 150.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 150 or later where the issue has been fixed.
How can this vulnerability impact me? :
This vulnerability affects the Networking: DNS component in Firefox and has a CVSS v3.1 base score of 5.3, indicating a medium severity. It can be exploited remotely without privileges or user interaction and impacts availability, potentially causing denial of service or disruption in network functionality.
Can you explain this vulnerability to me?
This vulnerability is an issue in the Networking: DNS component of Mozilla Firefox. It was addressed and fixed in Firefox version 150.