Description
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Bypass of Security Mitigations
Action: Immediate Patch
AI Analysis

Impact

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. The flaw allows an attacker to disable or circumvent built-in security mitigations within the browser, potentially weakening its overall security posture.

Affected Systems

Mozilla Firefox for Android. Versions before 150 are potentially affected. No further version granularity is provided.

Risk and Exploitability

The CVSS score is 6.1, but the EPSS score is missing. The vulnerability is not listed in CISA’s KEV, so no confirmed exploitation is recorded. The likely attack vector involves malicious content accessed through the browser, thus the risk depends on the ability of an attacker to supply such content. Because the issue bypasses mitigations, the potential impact could be high if exploit conditions are met, but no concrete exploitation data is available.

Generated by OpenCVE AI on April 22, 2026 at 15:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 150 or newer
  • If an upgrade is not feasible, restrict use of the affected browser to non-Internet-connected devices or enable Android’s device-owner policies to limit its usage
  • Maintain current security configurations and monitor for anomalous behavior that could indicate exploitation

Generated by OpenCVE AI on April 22, 2026 at 15:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Wed, 22 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-567
CWE-754

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-807
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

threat_severity

Moderate

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-567
CWE-754

Tue, 21 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
Title Mitigation bypass in Firefox for Android
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-22T15:35:12.113Z

Reserved: 2026-04-21T12:40:51.756Z

Link: CVE-2026-6756

cve-icon Vulnrichment

Updated: 2026-04-22T14:25:17.215Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T13:16:21.593

Modified: 2026-04-22T17:40:12.757

Link: CVE-2026-6756

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T12:40:52Z

Links: CVE-2026-6756 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T15:15:16Z

Weaknesses