Description
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Published: 2026-04-21
Score: n/a
EPSS: n/a
KEV: No
Impact: Cookie Mitigation Bypass
Action: Apply Patch
AI Analysis

Impact

The vulnerability allows a malicious website or script to bypass the cookie mitigation policies implemented in Firefox's Networking: Cookies component. By circumventing these restrictions, an attacker could set or read cookies that should be blocked, potentially enabling session hijacking, cross‑site request forgery, or other credential theft techniques. No CVSS score is provided, so the exact severity is unclear, but the ability to override cookie policies suggests a significant impact on confidentiality and integrity of user authentication data.

Affected Systems

Mozilla Firefox products are affected. Versions before 150 lack the fix, while Firefox 150 and later incorporate the patch. All platforms running these vulnerable versions of Firefox are potentially impacted.

Risk and Exploitability

The EPSS metric is not available, and the vulnerability is not listed in CISA's KEV catalog. Attackers would likely need to supply malicious web content that exploits the cookie processing flow; this can occur through normal browser usage, indicating a usable path for exploitation. Although no official CVSS score is cited, the nature of bypassing cookie mitigations points to moderate to high risk, especially in environments where strict cookie policies are required.

Generated by OpenCVE AI on April 22, 2026 at 03:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Firefox 150 or a newer release that contains the fix for the Networking: Cookies component.
  • Temporarily disable third‑party cookies to mitigate the impact while the patch is applied.
  • Ensure that any installed add‑ons are updated or disabled if they could influence cookie handling behavior.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Wed, 22 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150. | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
References

Tue, 21 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.
Title Mitigation bypass in the Networking: Cookies component
References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-21T23:34:52.712Z

Reserved: 2026-04-21T12:40:54.751Z

Link: CVE-2026-6760

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-04-21T13:16:21.950

Modified: 2026-04-22T00:16:32.047

Link: CVE-2026-6760

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T03:30:06Z

Weaknesses