Description
Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

An integer overflow in the Graphics: WebGPU component results in a denial‑of‑service condition. The flaw is classified as CWE‑190 and does not compromise data confidentiality or integrity.

Affected Systems

Mozilla Firefox and Mozilla Thunderbird are affected. All releases prior to version 150 contain the vulnerability; version 150 and newer include the fix.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity level. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The available data does not detail exploitation or attack vectors.

Generated by OpenCVE AI on April 22, 2026 at 10:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 150 or newer
  • Upgrade Mozilla Thunderbird to version 150 or newer
  • Consult the Mozilla Security Advisory (MFSA2026‑30/33) for guidance on applying updates and verifying that the WebGPU component has been patched

Generated by OpenCVE AI on April 22, 2026 at 10:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Vendors & Products Mozilla thunderbird

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-680

Wed, 22 Apr 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-680

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150. Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150.
Title Denial-of-service due to integer overflow in the Graphics: WebGPU component
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-27T16:59:46.908Z

Reserved: 2026-04-21T12:41:04.962Z

Link: CVE-2026-6773

cve-icon Vulnrichment

Updated: 2026-04-21T19:45:22.213Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T13:16:23.087

Modified: 2026-04-22T15:17:18.390

Link: CVE-2026-6773

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T12:41:05Z

Links: CVE-2026-6773 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T10:15:14Z

Weaknesses