Platform: firefox
Component: firefox
Fixed in: 115.35, 140.10, 150
CVE-2026-6785 describes a collection of memory safety bugs discovered in various versions of Mozilla Firefox and Thunderbird. These bugs, which show evidence of memory corruption, could potentially be exploited by an attacker to execute arbitrary code. The vulnerability affects Firefox ESR versions 115.34 through 140.9, Firefox 149, Thunderbird ESR/140.9/150, and Thunderbird 140.10. A fix has been released in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
The impact of CVE-2026-6785 stems from the memory corruption it involves. Successful exploitation could allow an attacker to overwrite critical memory regions within the Firefox or Thunderbird process, potentially leading to arbitrary code execution. An attacker could then gain control of the affected system, execute malicious commands, steal sensitive data (such as browsing history, saved passwords, and personal information), or install malware. The severity is heightened by the potential for remote exploitation, since the vulnerability could be triggered through crafted web content or malicious emails. While the description notes that exploitation would require "enough effort", memory corruption bugs remain a significant security concern, especially given the widespread use of Firefox and Thunderbird.
CVE-2026-6785 was publicly disclosed on April 21, 2026. No public proof-of-concept (PoC) code had been released at the time of writing, but memory corruption vulnerabilities often attract attention from security researchers and exploit developers, so it is advisable to monitor security advisories and threat intelligence feeds for any indication of active exploitation. The vulnerability has not yet been added to the CISA KEV catalog.
Exploit Status
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2026-6785 is to upgrade immediately to a patched version of Firefox or Thunderbird: Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, or Thunderbird 140.10. If an immediate upgrade is not feasible because of compatibility issues or system downtime requirements, consider temporary workarounds. No specific WAF or proxy rules are published for this issue, but restricting access to untrusted websites and carefully scrutinizing downloaded files can reduce the attack surface. Monitor system logs for unusual activity or crashes that might indicate exploitation attempts. After upgrading, confirm the fix by attempting to reproduce the vulnerability using known exploit techniques (if any are available) or by verifying the version number of the installed software.
Update to the latest version of Firefox (150 or higher) or to a patched ESR version (115.35 or 140.10) to mitigate the memory corruption vulnerability, and keep applying the latest security updates to protect against future exploits.
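As an added defender-side check (not part of the advisory or of Mozilla's own tooling), the script below classifies a Firefox or Thunderbird version string against the fixed releases listed above, branch by branch. The product-to-branch mapping comes from this page; the `--version` output format and the decision to report branches older than those listed as "unknown" are assumptions.

```python
import re
import subprocess

# First patched release per branch, from the CVE-2026-6785 advisory:
# Firefox ESR 115 -> 115.35, ESR 140 -> 140.10, mainline -> 150;
# Thunderbird 140 -> 140.10, mainline -> 150. Key None = any newer branch.
FIXED = {
    "firefox": {115: (115, 35), 140: (140, 10), None: (150, 0)},
    "thunderbird": {140: (140, 10), None: (150, 0)},
}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)

def parse_version(text):
    """(major, minor, patch, is_esr) from e.g. 'Mozilla Firefox 140.9.0esr'
    or '149.0.2'; None if the string carries no version."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    patch = int(m.group(3)) if m.group(3) else 0
    return int(m.group(1)), int(m.group(2)), patch, m.group(4) is not None

def patch_status(product, text):
    """Classify as 'patched', 'vulnerable' or 'unknown'. ESR branches are
    compared with their own fix; newer branches with the mainline fix (150).
    Branches older than any the advisory lists return 'unknown' (assumption:
    out of scope here, not a statement that they are safe)."""
    parsed = parse_version(text)
    if parsed is None or product not in FIXED:
        return "unknown"
    major, minor, _patch, _esr = parsed
    branches = FIXED[product]
    if major < min(k for k in branches if k is not None):
        return "unknown"
    fixed = branches.get(major, branches[None])
    return "patched" if (major, minor) >= fixed else "vulnerable"

def check_installed(product, binary):
    """Run '<binary> --version' (prints e.g. 'Mozilla Firefox 140.10.0esr')
    and classify it; 'unknown' if the binary cannot be run."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, timeout=30, check=False).stdout
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    return patch_status(product, out)

if __name__ == "__main__":
    for product in ("firefox", "thunderbird"):
        print(product, check_installed(product, product))
```

The same `patch_status` function can be fed version strings collected from an endpoint inventory instead of a local binary.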
CVE-2026-6785 is a memory corruption vulnerability affecting Firefox ESR 115.34–140.*, Firefox 149, Thunderbird ESR/140.9/150, and Thunderbird 140.10. Attackers could potentially execute arbitrary code.
If you are using Firefox ESR versions 115.34 through 140.9, Firefox 149, Thunderbird ESR/140.9/150, or Thunderbird 140.10, you are potentially affected and should upgrade immediately.
Upgrade to Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, or Thunderbird 140.10. Check the installed version via about:support.
No active exploitation has been confirmed at this time, but the presence of memory corruption warrants caution and prompt patching.
Refer to the Mozilla Security Advisories page for the official advisory: https://www.mozilla.org/en-US/security/advisories/