CVE-2026-6768EXPLOITEDPATCHED

mozilla · firefox

Mitigation bypass in the Networking: Cookies component

Description

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Affected Products

Vendor	Product	Versions
mozilla	firefox	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
mozilla	firefox esr	cert_advisory	90%
mozilla	firefox	cert_advisory	90%
mozilla	thunderbird	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories7d ago

[NEU] [mittel] Mozilla Thunderbird, Firefox ESR und Firefox: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB7d ago

CVE-2026-6768 | Mozilla Firefox up to 149 Cookies

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

150

PublishedApr 21, 2026

Last enriched7d agov2

Trending Score26

Source articles2

Independent2

Info Completeness6/14

Missing: versions, cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-7324EXP

Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 75

HIGHCVE-2026-7320EXP

Information disclosure due to incorrect boundary conditions in the Audio/Video component

Trending: 67

HIGHCVE-2026-7322EXP

Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 58

HIGHCVE-2026-7323

Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 39

CRITICALCVE-2026-7321

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

Trending: 32

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 21, 2026

Discovered by ZDM

Apr 21, 2026

Updated: description, severity, activelyExploited

Apr 21, 2026

Actively Exploited

Apr 22, 2026

Patch Available

Apr 22, 2026

Version History

Last enriched 7d ago

v2Tier C7d ago

Updated severity to HIGH, marked as actively exploited, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited

via VulDB

v18d ago

Initial creation