CVE-2026-6765

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-6765
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=2022419 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-30/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-32/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-33/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-34/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
History

22 Apr 2026, 16:07

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=2022419 - () https://bugzilla.mozilla.org/show_bug.cgi?id=2022419 - Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2026-30/ - () https://www.mozilla.org/security/advisories/mfsa2026-30/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2026-32/ - () https://www.mozilla.org/security/advisories/mfsa2026-32/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2026-33/ - () https://www.mozilla.org/security/advisories/mfsa2026-33/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2026-34/ - () https://www.mozilla.org/security/advisories/mfsa2026-34/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
First Time Mozilla
Mozilla firefox
Mozilla thunderbird

22 Apr 2026, 00:16

Type Values Removed Values Added
Summary (en) Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. (en) Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
References
  • () https://www.mozilla.org/security/advisories/mfsa2026-33/ -
  • () https://www.mozilla.org/security/advisories/mfsa2026-34/ -

21 Apr 2026, 21:16

Type Values Removed Values Added
CWE CWE-359
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

21 Apr 2026, 13:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-04-21 13:16

Updated : 2026-04-22 16:07

NVD link : CVE-2026-6765

Mitre link : CVE-2026-6765

CVE.ORG link : CVE-2026-6765

JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
CWE
CWE-359

Exposure of Private Personal Information to an Unauthorized Actor