PT-2026-33932 · Mozilla+1 · Firefox+2

Published

2026-04-21

Updated

2026-05-19

CVE-2026-6746

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Firefox ESR versions prior to 115.35 Firefox ESR versions prior to 140.10 Thunderbird versions prior to 150 Thunderbird versions prior to 140.10

Description A use-after-free issue exists in the DOM: Core & HTML component. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed.

Recommendations Update Firefox to version 150 or later. Update Firefox ESR to version 115.35 or later. Update Firefox ESR to version 140.10 or later. Update Thunderbird to version 150 or later. Update Thunderbird to version 140.10 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:10757

ALSA-2026:10766

ALSA-2026:10767

ALSA-2026:12285

ALSA-2026:13537

ALSA-2026:15892

ALSA-2026:19348

CVE-2026-6746

OESA-2026-2105

OESA-2026-2106

OESA-2026-2107

OESA-2026-2108

OESA-2026-2109

OPENSUSE-SU-2026:10610-1

OPENSUSE-SU-2026:10626-1

RHSA-2026:10757

RHSA-2026:10766

RHSA-2026:10767

RHSA-2026:12285

RHSA-2026:13537

RHSA-2026:15892

RHSA-2026:17477

RHSA-2026:17687

RHSA-2026:17688

RHSA-2026:17689

RHSA-2026:17690

RHSA-2026:19041

RHSA-2026:19131

RHSA-2026:19201

RHSA-2026:19348

RHSA-2026:19461

RHSA-2026:19462

RHSA-2026:19463

RHSA-2026:19464

RHSA-2026:19465

RHSA-2026:19466

RHSA-2026:19467

RHSA-2026:19468

RHSA-2026:19469

RHSA-2026:19542

RHSA-2026:19655

RHSA-2026:19704

Affected Products

Firefox

Rocky Linux

Thunderbird

PT-2026-33932 · Mozilla+1 · Firefox+2

CVE-2026-6746

Weakness Enumeration

Related Identifiers

Affected Products

References · 194