CVE-2026-6772 — Vulnetix

CVE-2026-6772 PUBLISHED CVSS 7.5 HIGH

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

EPSS 0.05% · 17.1th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.05%

17.1th percentile

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	140.10, 150, 115.35
Mozilla	Thunderbird	140.10, 150

Timeline

Apr 21, 2026 CVE Published
Apr 22, 2026 EPSS Score
Apr 22, 2026 Security Advisory
Apr 27, 2026 Distribution Patch
Apr 27, 2026 Security Advisory
Apr 27, 2026 Distribution Patch
Apr 27, 2026 Security Advisory
Apr 27, 2026 Distribution Patch
Apr 27, 2026 Security Advisory
Apr 28, 2026 Distribution Patch
Apr 28, 2026 Distribution Patch
Apr 30, 2026 Distribution Patch

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2026089 url
https://www.mozilla.org/security/advisories/mfsa2026-30/ url
https://www.mozilla.org/security/advisories/mfsa2026-31/ url
https://www.mozilla.org/security/advisories/mfsa2026-32/ url
https://www.mozilla.org/security/advisories/mfsa2026-33/ url
https://www.mozilla.org/security/advisories/mfsa2026-34/ url
https://nvd.nist.gov/vuln/detail/CVE-2026-6772 advisory
https://www.mozilla.org/security/advisories/mfsa2026-30 url
https://www.mozilla.org/security/advisories/mfsa2026-31 url
https://www.mozilla.org/security/advisories/mfsa2026-32 url

Open in Interactive Console →