{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6756", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-04-21T12:40:51.756Z", "datePublished": "2026-04-21T12:40:52.082Z", "dateUpdated": "2026-04-21T12:40:52.082Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "150", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150."}]}], "title": "Mitigation bypass in Firefox for Android", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992585"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"}], "credits": [{"lang": "en", "value": "Hafiizh & Kang Ali"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-21T12:40:52.082Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150."}], "id": "CVE-2026-6756", "lastModified": "2026-04-21T15:48:44.543", "metrics": {}, "published": "2026-04-21T13:16:21.593", "references": [{"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992585"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2026-30/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Undergoing Analysis"}

{"bugzilla": {"description": "firefox: Mitigation bypass in Firefox for Android", "id": "2460072", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460072"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-807", "details": ["A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue:\nMitigation bypass in Firefox for Android"], "name": "CVE-2026-6756", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-21T12:40:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6756\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6756\nhttps://www.mozilla.org/security/advisories/mfsa2026-30/#CVE-2026-6756"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[150,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Firefox", "source": "cna", "vendor": "Mozilla"}, "product": "firefox", "vendor": "mozilla"}], "analysis": {"en": {"generated_at": "2026-04-22T15:13:12.744417+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 150 or newer", "If an upgrade is not feasible, restrict use of the affected browser to non-Internet-connected devices or enable Android\u2019s device-owner policies to limit its usage", "Maintain current security configurations and monitor for anomalous behavior that could indicate exploitation"], "summary": {"action": "Immediate Patch", "impact": "Bypass of Security Mitigations"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox for Android. Versions before 150 are potentially affected. No further version granularity is provided.", "description_and_impact": "Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. The flaw allows an attacker to disable or circumvent built-in security mitigations within the browser, potentially weakening its overall security posture.", "risk_and_exploitability": "The CVSS score is 6.1, but the EPSS score is missing. The vulnerability is not listed in CISA\u2019s KEV, so no confirmed exploitation is recorded. The likely attack vector involves malicious content accessed through the browser, thus the risk depends on the ability of an attacker to supply such content. Because the issue bypasses mitigations, the potential impact could be high if exploit conditions are met, but no concrete exploitation data is available."}}}}, "created": "2026-04-21T16:45:15.077721+00:00", "updated": "2026-04-22T15:15:16.426246+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}