Impact
Incorrect boundary conditions in the Libraries component of the Network Security Services (NSS) stack can cause a buffer overflow, which may result in memory corruption. This weakness corresponds to CWE‑119 and CWE‑787 and can compromise confidentiality, integrity, or availability of the affected system.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird are affected, specifically all releases prior to version 152. Versions 152 and later include the fix.
Risk and Exploitability
The CVSS v3.1 score of 7.3 indicates a high severity level. EPSS shows a probability of exploitation of less than 1%. It is not listed in the CISA KEV catalog.
OpenCVE Enrichment
Ubuntu USN