CVE-2026-6773
Published: 21 April 2026
Description
Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and patching of system flaws, directly mitigating this integer overflow vulnerability fixed in Firefox 150 and Thunderbird 150.
RA-5 mandates vulnerability scanning that would identify outdated Firefox/Thunderbird versions vulnerable to this WebGPU integer overflow.
SC-5 provides denial-of-service protections that limit the impact of resource exhaustion and crashes from this remote unauthenticated integer overflow exploit.
Security SummaryAI
CVE-2026-6773 is a denial-of-service vulnerability stemming from an integer overflow (CWE-190) in the Graphics: WebGPU component of Mozilla Firefox and Thunderbird. Published on 2026-04-21, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with no effects on confidentiality or integrity.
Remote, unauthenticated attackers can exploit the vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation leads to denial of service, potentially causing browser or application crashes and resource exhaustion on affected systems.
Mozilla addressed the issue in Firefox 150 and Thunderbird 150. Additional details on patches and mitigations are available in Mozilla Security Advisories MFSA2026-30 and MFSA2026-33, along with Bugzilla entry 2015959.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The integer overflow in the browser's WebGPU component enables remote unauthenticated exploitation causing application crashes and resource exhaustion, directly mapping to Endpoint Denial of Service via application or system exploitation.