CVE-2026-6770

6.5

Medium

Published:21 Apr 2026

Last updated:17 Jun 2026

Source:security@mozilla.org

Analyzed

Weakness (CWE)

CWE-200Exposure of Sensitive Information

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low

View on MITRE Find PoC on GitHub

Description

Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

References

security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=2024220

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-30/

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-32/

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-33/

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-34/

Return to CVE list

CVE-2026-6770

6.5

Medium

Published:21 Apr 2026

Last updated:17 Jun 2026

Source:security@mozilla.org

Analyzed

Weakness (CWE)

CWE-200Exposure of Sensitive Information

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low

View on MITRE Find PoC on GitHub

Description

Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

References

security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=2024220

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-30/

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-32/

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-33/

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2026-34/