Description
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Published: 2026-04-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unspecified Impact
Action: Patch
AI Analysis

Impact

The vulnerability is identified as an ‘Other issue’ in the JavaScript Engine component of Mozilla products. The advisory does not provide a detailed technical description, so the exact nature of the flaw—whether it results in a crash, memory corruption, or another form of failure—is not disclosed. Users may encounter unexpected crashes or erratic browser behavior, but no confirmed remote code execution or data exfiltration is indicated.

Affected Systems

Mozilla Firefox and Mozilla Thunderbird are affected. The issue existed in all releases prior to version 150 and was fixed in that release; no more granular version information is provided, so all revisions below 150 should be considered vulnerable.

Risk and Exploitability

The CVSS score is 5.3, indicating a medium severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Attackers who can supply crafted JavaScript to a vulnerable client might attempt to trigger the bug, but without a detailed trigger or affected context the likelihood of successful exploitation remains uncertain. Administrators should treat the vulnerability as potentially high until further clarifying information is released.

Generated by OpenCVE AI on April 22, 2026 at 05:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox and Thunderbird to version 150 or later to apply the vendor fix.
  • If an immediate upgrade is not possible, consider disabling JavaScript for untrusted content or applying a strict Content Security Policy to restrict script execution.
  • Monitor the browser for crashes or anomalous behavior to confirm that the issue is adequately mitigated.

Generated by OpenCVE AI on April 22, 2026 at 05:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Vendors & Products Mozilla thunderbird

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150. Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Weaknesses CWE-119
CWE-20
CWE-79
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.
Title Other issue in the JavaScript Engine component
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-21T23:35:15.112Z

Reserved: 2026-04-21T12:41:09.461Z

Link: CVE-2026-6779

cve-icon Vulnrichment

Updated: 2026-04-21T17:32:41.295Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T13:16:23.600

Modified: 2026-04-22T15:18:05.740

Link: CVE-2026-6779

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-21T12:41:09Z

Links: CVE-2026-6779 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T05:45:09Z

Weaknesses