CVE-2026-6754

CVE-2026-6754: Use-after-free in the JavaScript Engine component

Published April 21, 2026
Last update May 26, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Key dates

Disclosure timeline

April 21, 2026 CVE published
May 26, 2026 Record updated