VIR Vulnerability Intelligence Relay

CVE-2026-6774

unknown
Published 2026-04-21 · Modified 2026-05-27
💬 Discuss on Community ✚ Propose mitigation
CVSS v3
—
CVSS v4 NEW
—
not yet in upstream
VIR risk
—

Description

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2026-6774 NameCVE-2026-6774 DescriptionMitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source…

Workaround

bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source PackageReleaseVersionStatus firefox (PTS)sid151.0.3-1fixed The information below is based on the following data on fixed versions. PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs firefoxsource(unstable)150.0-1 Notes https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6774

CVE-2026-6774

NameCVE-2026-6774
DescriptionMitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid151.0.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)150.0-1

Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6774

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6774

OS impact
debian Debian Fixed 1 release
VersionStatusFixed in
sid Fixed 150.0-1

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.