Description
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Published: 2026-04-21
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

The IP Protection component in Mozilla Firefox fails to protect sensitive data, resulting in information disclosure. The vulnerability allows an attacker to obtain data that should be kept private, potentially compromising user confidentiality. The weakness aligns with the Information Exposure category, where data is exposed to unauthorized parties.

Affected Systems

Mozilla Firefox versions prior to 150 are affected, as the bug was fixed in Firefox 150. No specific earlier versions are listed, but all releases before 150 may be vulnerable.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is not available, which suggests the exploitation probability is not well known. Since the vulnerability is not listed in the CISA KEV catalog, it has not yet been reported as being exploited in the wild. The attack likely requires the user to trigger the IP Protection component, but the exact attack vector is unspecified; the information exposure could be triggered locally or via a maliciously crafted resource. Without definitive data, the risk remains moderate but could increase if the exposed data is highly sensitive.

Generated by OpenCVE AI on April 21, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Firefox version 150 or newer, which contains the fix for the IP Protection component.
  • If an immediate upgrade is not feasible, disable or restrict access to the IP Protection feature to prevent data leakage.
  • Regularly check Mozilla security advisories for any updates or related vulnerabilities.

Generated by OpenCVE AI on April 21, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150. Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150.
Title Information disclosure in the IP Protection component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-21T23:35:18.768Z

Reserved: 2026-04-21T12:41:11.541Z

Link: CVE-2026-6782

cve-icon Vulnrichment

Updated: 2026-04-21T17:56:17.416Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-21T13:16:23.847

Modified: 2026-04-22T00:16:52.953

Link: CVE-2026-6782

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T23:00:03Z

Weaknesses