CVE-2026-6757

CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component

Published April 21, 2026
Last update May 26, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Key dates

Disclosure timeline

April 21, 2026 CVE published
May 26, 2026 Record updated