CVE-2026-6781 is a denial-of-service vulnerability affecting the Audio/Video playback component in Mozilla Firefox. The flaw allows an attacker to cause a denial-of-service condition, impacting the availability of the affected software. This vulnerability was addressed and fixed in Firefox 150 and Thunderbird 150 as part of a comprehensive security update that resolved multiple memory safety and other security issues. The CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality or integrity impact, but high impact on availability.

The vulnerability can cause denial-of-service, resulting in the affected Firefox or Thunderbird application becoming unresponsive or crashing when processing audio/video playback. There is no impact on confidentiality or integrity. No known exploitation in the wild has been reported. The vulnerability affects availability and could disrupt user experience or service continuity.

Mozilla has released an official fix for this vulnerability in Firefox 150 and Thunderbird 150. Users and administrators should update to these versions or later to remediate the issue. Since this is not a cloud service, patching the client software is required. There are no vendor advisories indicating that no action is required or that the issue is already mitigated without patching. Patch status is confirmed fixed in Firefox 150 and Thunderbird 150.