プラットフォーム
firefox
コンポーネント
firefox
修正版
150.0.0
140.10
150.0.0
CVE-2026-6752 describes an incorrect boundary condition vulnerability within the WebRTC component of Mozilla Firefox. Exploitation could lead to crashes or, potentially, information disclosure. This vulnerability impacts Firefox versions 115.0.0 through 140.x. A fix has been released in Firefox 150.0.0.
The incorrect boundary condition in WebRTC can be exploited to trigger a crash within Firefox. While the immediate impact is a denial-of-service (DoS) via application termination, the potential for information disclosure exists if the crash occurs in a way that exposes sensitive data from memory. Attackers could potentially leverage this to gain insights into the browser's internal state or even execute arbitrary code, although the latter is less likely given the described nature of the vulnerability. The blast radius is limited to the affected Firefox instances, but widespread exploitation could impact many users.
CVE-2026-6752 was publicly disclosed on 2026-04-21. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. Given the nature of the vulnerability (crash/potential information disclosure) and the lack of public exploits, the probability of exploitation is considered low to medium.
Users of Mozilla Firefox versions 115.0.0 through 140.x are at risk, particularly those who frequently engage in video conferencing or other WebRTC-dependent activities. Shared hosting environments where Firefox is deployed could also be impacted, potentially affecting multiple users simultaneously.
• firefox: Monitor Firefox crash reports for unusual patterns or frequency. Examine browser logs for errors related to WebRTC. • generic web: Check for unusual network activity originating from Firefox processes, particularly related to WebRTC connections. Use network monitoring tools to identify unexpected data transfers. • windows / supply-chain: Examine scheduled tasks and autoruns entries for any suspicious WebRTC-related processes. Use Sysinternals tools (Process Monitor) to observe WebRTC activity.
disclosure
エクスプロイト状況
EPSS
0.07% (20% パーセンタイル)
The primary mitigation for CVE-2026-6752 is to upgrade to Firefox version 150.0.0 or later. If upgrading immediately is not feasible, consider temporarily disabling WebRTC functionality within Firefox's configuration settings (though this will impact video conferencing and other WebRTC-dependent features). Monitor Firefox's crash reports for any unusual activity that might indicate exploitation attempts. No specific WAF rules or detection signatures are readily available for this particular boundary condition flaw, making timely patching the most critical defense.
Actualice su navegador Firefox a la versión 150 o posterior, o a Firefox ESR 115.35, 140.10 o 140.10 respectivamente, para mitigar esta vulnerabilidad de manejo de límites incorrectos en el componente WebRTC. La actualización corrige el problema y previene posibles exploits.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2026-6752 is a vulnerability in Mozilla Firefox's WebRTC component that can lead to crashes and potential information disclosure due to an incorrect boundary condition. It affects versions 115.0.0–140.*.
You are affected if you are using Mozilla Firefox versions 115.0.0 through 140.x. Upgrade to version 150.0.0 or later to mitigate the risk.
Upgrade to Mozilla Firefox version 150.0.0 or later. As a temporary workaround, you can disable WebRTC functionality in Firefox's settings.
As of the current assessment, CVE-2026-6752 is not known to be actively exploited, but the potential for exploitation exists.
Refer to the official Mozilla security advisory for detailed information and updates: https://www.mozilla.org/en-US/security/advisories/