Description
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential memory corruption
Action: Immediate Patch
AI Analysis

Impact

The flaw stems from incorrect boundary checks in the NSS Libraries component used by Mozilla Firefox and Thunderbird. When malicious or malformed data is processed, the program may read beyond intended boundaries, corrupting adjacent memory. The CVE description does not explicitly indicate whether this leads to code execution or privilege escalation, but such memory corruption can create conditions for those effects depending on the execution context.

Affected Systems

All Mozilla Firefox releases built before version 150 and the ESR branch 140.10, as well as all Mozilla Thunderbird releases built before version 150 and the ESR branch 140.10, are affected. Versions after those releases incorporate the NSS boundary condition fix and are not impacted.

Risk and Exploitability

The likely attack vector is the manipulation of data streams processed by NSS, such as crafted certificates, cryptographic messages, or malformed attachments. These inputs can trigger memory corruption, potentially leading to remote code execution if the attacker can exploit the corrupted state. No public exploit is known, and the EPSS score of 0.00032 (0.032%) indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. However, the CVSS score of 7.5 highlights high severity, warranting prompt mitigation.

Generated by OpenCVE AI on April 27, 2026 at 19:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 150 or later (or to the ESR 140.10 branch if using the ESR channel).
  • Upgrade Mozilla Thunderbird to version 150 or later (or to the ESR 140.10 branch).
  • Ensure the operating system’s NSS library package is also updated to the patched build; if a full upgrade cannot be performed immediately, disable or restrict use of NSS‑dependent features such as cryptographic data exchange or certificate validation until the patch is applied.

Generated by OpenCVE AI on April 27, 2026 at 19:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4546-1 firefox-esr security update
Debian DLA Debian DLA DLA-4549-1 thunderbird security update
Debian DSA Debian DSA DSA-6225-1 firefox-esr security update
Debian DSA Debian DSA DSA-6229-1 thunderbird security update
History

Wed, 22 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Vendors & Products Mozilla thunderbird

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
References

Tue, 21 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-754
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.
Title Incorrect boundary conditions in the Libraries component in NSS
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-21T23:34:59.578Z

Reserved: 2026-04-21T12:40:59.297Z

Link: CVE-2026-6766

cve-icon Vulnrichment

Updated: 2026-04-21T16:38:30.259Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T13:16:22.493

Modified: 2026-04-22T14:57:46.330

Link: CVE-2026-6766

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T12:40:59Z

Links: CVE-2026-6766 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T20:00:05Z

Weaknesses