CVE-2026-6772
Boundary Condition Error in NSS Libraries Causes Potential Memory Issues
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 150.0 (exc) |
| mozilla | firefox | to 115.35.0 (exc) |
| mozilla | firefox | From 140.0 (inc) to 140.10.0 (exc) |
| mozilla | thunderbird | to 140.10.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves incorrect boundary conditions in the Libraries component of NSS (Network Security Services).
It was addressed and fixed in Firefox versions 150, Firefox ESR 115.35, and Firefox ESR 140.10.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 150 or later, or update Firefox ESR to versions 115.35 or 140.10 or later where the issue has been fixed.
How can this vulnerability impact me? :
This vulnerability in the Libraries component of NSS involves incorrect boundary conditions, which can lead to a high impact on confidentiality as indicated by the CVSS score (C:H). It means that an attacker could potentially access sensitive information without requiring privileges or user interaction.