PT-2026-33954 · Mozilla · Firefox+1

Satoki Tsuji

·

Published

2026-04-21

·

Updated

2026-04-27

·

CVE-2026-6768

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Thunderbird versions prior to 150
Description A mitigation bypass exists in the Networking: Cookies component.
Recommendations Update Firefox to version 150. Update Thunderbird to version 150.

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

CVE-2026-6768
OPENSUSE-SU-2026:10626-1

Affected Products

Firefox
Thunderbird