CVE-2026-6772: Vulnerability in Mozilla Firefox
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
AI Analysis
Technical Summary
CVE-2026-6772 involves incorrect boundary conditions in the NSS Libraries component of Mozilla Firefox and Thunderbird. This memory safety issue could potentially lead to confidentiality breaches. The vulnerability is rated high severity with a CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it is remotely exploitable without privileges or user interaction and impacts confidentiality. Mozilla fixed this vulnerability in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10 as documented in multiple Mozilla security advisories (MFSA2026-30, MFSA2026-31, MFSA2026-32).
Potential Impact
The vulnerability allows an attacker to exploit incorrect boundary conditions in the NSS Libraries component, potentially leading to high confidentiality impact. The CVSS vector indicates no impact on integrity or availability, but full confidentiality compromise is possible. No known exploits in the wild have been reported. The issue affects multiple Firefox and Thunderbird versions prior to the fixed releases.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. Users and administrators should update to these versions or later to remediate the issue. Patch status is confirmed by Mozilla advisories. No additional mitigation actions are required beyond applying the official updates.
CVE-2026-6772: Vulnerability in Mozilla Firefox
Description
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS v3.1
Score 7.5high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6772 involves incorrect boundary conditions in the NSS Libraries component of Mozilla Firefox and Thunderbird. This memory safety issue could potentially lead to confidentiality breaches. The vulnerability is rated high severity with a CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it is remotely exploitable without privileges or user interaction and impacts confidentiality. Mozilla fixed this vulnerability in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10 as documented in multiple Mozilla security advisories (MFSA2026-30, MFSA2026-31, MFSA2026-32).
Potential Impact
The vulnerability allows an attacker to exploit incorrect boundary conditions in the NSS Libraries component, potentially leading to high confidentiality impact. The CVSS vector indicates no impact on integrity or availability, but full confidentiality compromise is possible. No known exploits in the wild have been reported. The issue affects multiple Firefox and Thunderbird versions prior to the fixed releases.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. Users and administrators should update to these versions or later to remediate the issue. Patch status is confirmed by Mozilla advisories. No additional mitigation actions are required beyond applying the official updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2026-04-21T12:41:04.255Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","vendor":"Mozilla"}]
Threat ID: 69e7789e19fe3cd2cdd164c0
Added to database: 4/21/2026, 1:16:14 PM
Last enriched: 5/26/2026, 7:41:49 PM
Last updated: 6/5/2026, 12:46:32 PM
Views: 78
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.