CVE-2026-2781
published 2026-02-24CVE-2026-2781: Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| debian | firefox-esr | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| debian | nss | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| debian | thunderbird | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| mozilla | firefox | < 140.8.0 | 140.8.0 |
| mozilla | firefox | < 148.0 | 148.0 |
| mozilla | firefox | — | — |
| mozilla | firefox_esr | < Firefox ESR 115.35 | Firefox ESR 115.35 |
| mozilla | nss | >= 0 < 2:3.61-1+deb11u5 | 2:3.61-1+deb11u5 |
| mozilla | nss | >= 0 < 2:3.87.1-1+deb12u2 | 2:3.87.1-1+deb12u2 |
| mozilla | nss | >= 0 < 2:3.110-1+deb13u1 | 2:3.110-1+deb13u1 |
| mozilla | nss | >= 0 < 2:3.121-1 | 2:3.121-1 |
| mozilla | thunderbird | < 140.8.0 | 140.8.0 |
| mozilla | thunderbird | < 148.0 | 148.0 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb11u1 | 1:140.8.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb12u1 | 1:140.8.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb13u1 | 1:140.8.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1 | 1:140.8.0esr-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL