CVE-2026-6752
Published: 21 April 2026
Summary
CVE-2026-6752 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Mozilla Firefox. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely installation of vendor patches to directly remediate the buffer overflow vulnerability in the WebRTC component as fixed in specified Firefox and Thunderbird versions.
Implements memory protection mechanisms such as ASLR, stack canaries, and non-executable memory to prevent successful exploitation of the CWE-119 buffer boundary condition flaw.
Provides vulnerability scanning to identify systems running vulnerable versions of Firefox or Thunderbird affected by CVE-2026-6752 for prioritized remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remotely exploitable memory buffer vulnerability (CWE-119) in the WebRTC component of client applications (Firefox/Thunderbird), directly enabling exploitation for client execution with no user interaction required.
NVD Description
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Deeper analysisAI
CVE-2026-6752 involves incorrect boundary conditions in the WebRTC component, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). This vulnerability affects Mozilla Firefox prior to version 150, Firefox ESR prior to 115.35 and 140.10, Thunderbird prior to 150, and Thunderbird prior to 140.10. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low barriers to exploitation.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low attack complexity and no change in scope. Successful exploitation can result in limited impacts, including partial disclosure of sensitive information, minor modification of data, or limited denial of service.
Mozilla addressed the issue in the specified fixed versions of Firefox and Thunderbird. Security advisories MFSA2026-30 through MFSA2026-33 and Bugzilla entry 2027499 provide further details on the patches and affected releases.
Details
- CWE(s)