Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.
| Score | Percentile |
|---|---|
| 0.40% | 32.16% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 7.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-7gp8-9grp-c69x ↗ |
| CVE | CVE-2026-6749 ↗ |