CVE-2026-6786

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox ESR version 140.9 Thunderbird ESR version 140.9 Firefox version 149 Thunderbird version 149

Description Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code.

Recommendations Update Firefox ESR to version 140.10. Update Thunderbird ESR to version 140.10. Update Firefox to version 150. Update Thunderbird to version 150.

Fix

DoS

Memory Corruption

Out of bounds Read

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-125CWE-416

Related Identifiers

ALSA-2026:10757

ALSA-2026:10766

ALSA-2026:10767

ALSA-2026:12285

ALSA-2026:13537

ALSA-2026:15892

ALSA-2026:19348

BDU:2026-06954

CVE-2026-6786

OESA-2026-2105

OESA-2026-2106

OESA-2026-2107

OESA-2026-2108

OESA-2026-2109

OPENSUSE-SU-2026:10610-1

OPENSUSE-SU-2026:10626-1

RHSA-2026:10757

RHSA-2026:10766

RHSA-2026:10767

RHSA-2026:19348

Affected Products

Firefox

Rocky Linux

Thunderbird

CVE-2026-6786

Weakness Enumeration

Related Identifiers

Affected Products

References · 195