CVE-2026-6772Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-787Out-of-bounds Write9 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 84.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedApr 21

Description

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Mozillamozilla/firefox< Firefox 150
Mozillamozilla/firefox_esr< Firefox ESR 115.35+1
Mozillamozilla/thunderbird< Thunderbird 150+1

🔴Vulnerability Details

1
GHSA
GHSA-c2q7-642g-3vwr: Incorrect boundary conditions in the Libraries component in NSS2026-04-21

📋Vendor Advisories

6
Red Hat
firefox: Incorrect boundary conditions in the Libraries component in NSS2026-04-21
Mozilla
Mozilla Foundation Security Advisory 2026-31: CVE-2026-6772
Mozilla
Mozilla Foundation Security Advisory 2026-33: CVE-2026-6772
Mozilla
Mozilla Foundation Security Advisory 2026-30: CVE-2026-6772
Mozilla
Mozilla Foundation Security Advisory 2026-34: CVE-2026-6772

💬Community

1
Bugzilla
CVE-2026-6772 firefox: Incorrect boundary conditions in the Libraries component in NSS2026-04-21
CVE-2026-6772 — Mozilla Firefox vulnerability | cvebase