Description
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: 2026-06-16
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Incorrect boundary conditions in the Libraries component of the Network Security Services (NSS) stack can cause a buffer overflow, which may result in memory corruption. This weakness corresponds to CWE‑119 and CWE‑787 and can compromise confidentiality, integrity, or availability of the affected system.

Affected Systems

Mozilla Firefox and Mozilla Thunderbird are affected, specifically all releases prior to version 152. Versions 152 and later include the fix.

Risk and Exploitability

The CVSS v3.1 score of 7.3 indicates a high severity level. EPSS shows a probability of exploitation of less than 1%. It is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 25, 2026 at 13:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Mozilla Firefox 152 or newer.
  • Upgrade to Mozilla Thunderbird 152 or newer.
  • Monitor system logs for abnormal NSS activity after applying the updates.

Generated by OpenCVE AI on June 25, 2026 at 13:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8481-1 NSS vulnerability
History

Thu, 25 Jun 2026 12:45:00 +0000


Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
References

Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152.
Title Incorrect boundary conditions in the Libraries component in NSS
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-16T18:07:00.082Z

Reserved: 2026-06-15T15:08:18.136Z

Link: CVE-2026-12318

cve-icon Vulnrichment

Updated: 2026-06-16T18:04:13.729Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:32.463

Modified: 2026-06-16T19:16:34.230

Link: CVE-2026-12318

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-16T11:52:51Z

Links: CVE-2026-12318 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T14:00:05Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-787

    Out-of-bounds Write