CVE-2026-6778
Invalid Pointer Vulnerability in Firefox Audio/Video Playback
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0 (exc) |
| mozilla | thunderbird | to 150.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an invalid pointer in the Audio/Video: Playback component of Firefox. It means that the software incorrectly handles memory references related to audio or video playback, which could potentially lead to unexpected behavior or crashes. The issue was fixed in Firefox version 150.
How can this vulnerability impact me? :
Exploitation of this vulnerability could cause Firefox to behave unpredictably during audio or video playback, potentially leading to application crashes or other unintended effects. However, specific impacts such as data loss or security breaches are not detailed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
There is no information available regarding the impact of this vulnerability on compliance with standards such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability was fixed in Firefox 150. To mitigate this vulnerability, you should update your Firefox browser to version 150 or later.