CVE-2026-6772
HIGH7.5EPSS 0.05%Published: 4/21/2026Modified: 5/21/2026
Description
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Affected packages (3)
- Debian/firefox-esrfrom 0, < 140.10.0esr-1~deb11u1
- Debian/nssfrom 0
- Debian/thunderbirdfrom 0, < 1:140.10.0esr-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |