Description
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
Published: 2026-06-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Incorrect boundary checks and incorrect length calculation in Mozilla Firefox’s Graphics: Text component create a buffer overflow (CWE-119, CWE-131). This flaw could let an attacker corrupt memory, potentially causing crashes or other unintended behavior. Based on the description, it is inferred that if the overwritten data affects executable code or control flow, the impact could be more severe.

Affected Systems

All Mozilla Firefox users on operating systems running a version earlier than 151.0.3 are affected. The issue was fixed in Firefox 151.0.3, so versions 151.0.2 and below remain vulnerable.

Risk and Exploitability

The CVSS score of 7.5 signals high severity, while an EPSS score of < 1% indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, and no public exploit has been documented, which keeps the overall risk moderate pending further evidence.

Generated by OpenCVE AI on June 25, 2026 at 13:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 151.0.3 or later.
  • If an upgrade is delayed, consider disabling or restricting untrusted web content that could trigger the Graphics: Text component, for example by applying stricter content‑security policies.
  • Monitor browser logs and system behavior for crashes or unexpected behavior that could indicate exploitation.
  • Enable or enforce sandboxing features for the browser to limit the damage potential of any exploitation.

Generated by OpenCVE AI on June 25, 2026 at 13:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References
Metrics threat_severity

None

threat_severity

Important


Thu, 04 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Wed, 03 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Wed, 03 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
Title Incorrect boundary conditions in the Graphics: Text component
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-30T03:18:00.441Z

Reserved: 2026-06-02T17:12:56.980Z

Link: CVE-2026-10701

cve-icon Vulnrichment

Updated: 2026-06-30T02:43:39.648Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-02T20:16:33.227

Modified: 2026-06-04T17:25:36.590

Link: CVE-2026-10701

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-02T17:15:59Z

Links: CVE-2026-10701 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T13:30:15Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-131

    Incorrect Calculation of Buffer Size