Description
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Mitigation Bypass
Action: Immediate Patch
AI Analysis

Impact

This vulnerability allows an attacker to disable or bypass built‑in security mitigations within Firefox for Android. The flaw is associated with CWE‑200 (Information Exposure) and CWE‑807 (Improper Neutralization of Input During Web Page Generation), meaning that sensitive data could be disclosed or improperly handled. By disabling mitigations, an attacker could reduce the browser’s protection against various exploits, thereby potentially enabling compromise of the user device or data.

Affected Systems

Mozilla Firefox for Android versions before 150 are potentially affected. All releases earlier than 150 are included because the CVE record does not provide finer version granularity, so any older build of the browser on an Android device may be vulnerable.

Risk and Exploitability

The CVSS base score of 7.5 indicates a high severity. The EPSS score is less than 1%, suggesting that the recorded probability of exploitation is very low. The issue is not listed in CISA KEV, so no confirmed exploitation has been documented. Based on the description, it is inferred that exploitation would involve the attacker providing malicious web content that the browser would then process with the bypassed mitigations. If that condition is met, the potential impact could be significant, but currently no live exploitation is known.

Generated by OpenCVE AI on April 27, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox for Android to version 150 or later
  • If an upgrade is not possible, limit the browser to offline or trusted networks until a patch is available
  • Continuously monitor the device for signs of anomalous activity that may indicate exploitation

Generated by OpenCVE AI on April 27, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Wed, 22 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-567
CWE-754

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-807
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

threat_severity

Moderate

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-567
CWE-754

Tue, 21 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
Title Mitigation bypass in Firefox for Android
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-22T15:35:12.113Z

Reserved: 2026-04-21T12:40:51.756Z

Link: CVE-2026-6756

cve-icon Vulnrichment

Updated: 2026-04-22T14:25:17.215Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T13:16:21.593

Modified: 2026-04-22T17:40:12.757

Link: CVE-2026-6756

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T12:40:52Z

Links: CVE-2026-6756 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T20:00:05Z

Weaknesses