CVE-2026-6749

· NIST NVD ↗

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

HIGH
CVSS severity
7.5
CVSS base score
2026-04-21
Published

CWE codes

CWE-908

Affected products

mozilla:firefoxmozilla:thunderbird

Sources