DEBIAN-CVE-2026-6763

DEBIAN-CVE-2026-6763 PUBLISHED CVSS 6.5 MEDIUM

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:13	thunderbird	0, 140.9.1, 140.9.1
Debian:12	thunderbird	1:128.3.2esr-1, 1:128.4.0esr-1, 1:128.4.0esr-1~deb11u1
Debian:11	firefox-esr	115.9.1esr-1~deb11u1, 0, 102.1.0esr-2
Debian:12	firefox-esr	128.3.0, 115.14.0esr-1~deb11u1, 115.14.0esr-1
Debian:14	firefox-esr	, , *
Debian:13	firefox-esr	140.3.0esr-1~deb13u1, 140.3.0esr-2, 140.3.1esr-1
Debian:14	thunderbird	140.7.1, 140.7.0, 140.7.0
Debian:11	thunderbird	*, 1:115.8.0-1~deb11u1, 1:115.8.0-1~deb12u1

Exploit Intelligence

mfsa2026-30.yml (github-poc)
mfsa2026-34.yml (github-poc)
2026-04-29_417_firefox-esr.yaml (github-poc)
2026.xml (github-poc)
blog-045.ts (github-poc)

Timeline

Apr 21, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-6763 advisory

Open in Interactive Console →