CRITICAL🇵🇱 Wersja polska

CVE-2026-6768

CVSS 9.8v3.1pub. 2026-04-21upd. 2026-04-22

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

🤖 AI Analysis
How it works

The vulnerability consists of the ability to bypass applied security measures (mitigation bypass) in the Networking: Cookies component — the module responsible for handling cookies in network communication. An attacker can exploit an alternative path or access channel that is not covered by existing protection mechanisms, resulting in complete bypassing of security controls. The attack can be conducted remotely, without authentication and without any user interaction.

Impact

Successful exploitation of this vulnerability may lead to complete breach of confidentiality, integrity, and availability of data — the attacker gains the ability to unauthorized read, modify, or delete sensitive information processed by the application.

Mitigation & patch

Mozilla Firefox must be immediately updated to version 150 or later, and Mozilla Thunderbird must be updated to version 150 or later. Detailed information is available in the vendor's security bulletins: mfsa2026-30 (Firefox) and mfsa2026-33 (Thunderbird).

Who is affected

Mozilla Firefox in versions prior to 150 and Mozilla Thunderbird in versions prior to 150.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 150.0
  • Mozilla Thunderbird

    APP
    Mozilla
    < 150.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...