CVE-2026-2781

CRITICAL9.8EPSS 0.06%

nss - security update

Published: 2/24/2026Modified: 4/28/2026

Description

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.

Affected packages (5)

Debian/firefox-esrfrom 0, < 140.8.0esr-1~deb11u1
Debian/nssfrom 0, < 2:3.61-1+deb11u5
Debian/nssfrom 0, < 2:3.61-1+deb11u5
Debian/nssfrom 0, < 2:3.87.1-1+deb12u2
Debian/thunderbirdfrom 0, < 1:140.8.0esr-1~deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-2781