CVE-2026-6756
Published: 21 April 2026
Description
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely remediation of the mitigation bypass vulnerability in Firefox for Android by applying the patch in version 150.
Enables vulnerability scanning to identify and prioritize systems running vulnerable versions of Firefox for Android affected by CVE-2026-6756.
Restricts execution to authorized, patched versions of Firefox for Android, preventing use of instances vulnerable to CVE-2026-6756.
Security SummaryAI
CVE-2026-6756 is a mitigation bypass vulnerability (CWE-200) in Firefox for Android, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Published on 2026-04-21, it allows attackers to circumvent security mitigations implemented in the browser.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation results in high integrity impact, enabling modification of data or behavior without affecting confidentiality or availability.
Mozilla addressed this issue in Firefox 150, as detailed in their security advisory (MFSA 2026-30) and Bugzilla entry 1992585. Security practitioners should ensure Firefox for Android instances are updated to version 150 or later to mitigate the risk.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote no-interaction client-side browser mitigation bypass with high integrity impact directly enables exploitation for client execution in a browser application.