CVE-2026-6767

Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=2023209	Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-30/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-31/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-32/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-33/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-34/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:thunderbird:::::esr:::*

History

22 Apr 2026, 17:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mozilla:firefox:::::-:::* cpe:2.3:a:mozilla:thunderbird:::::esr:::* cpe:2.3:a:mozilla:firefox:::::esr:::*
First Time		Mozilla Mozilla firefox Mozilla thunderbird
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=2023209 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=2023209 - Permissions Required
References	~~() https://www.mozilla.org/security/advisories/mfsa2026-30/ -~~	() https://www.mozilla.org/security/advisories/mfsa2026-30/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2026-31/ -~~	() https://www.mozilla.org/security/advisories/mfsa2026-31/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2026-32/ -~~	() https://www.mozilla.org/security/advisories/mfsa2026-32/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2026-33/ -~~	() https://www.mozilla.org/security/advisories/mfsa2026-33/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2026-34/ -~~	() https://www.mozilla.org/security/advisories/mfsa2026-34/ - Vendor Advisory

22 Apr 2026, 00:16

Type	Values Removed	Values Added
References		() https://www.mozilla.org/security/advisories/mfsa2026-33/ - () https://www.mozilla.org/security/advisories/mfsa2026-34/ -
Summary	~~(en) Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.~~	(en) Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

21 Apr 2026, 19:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CWE		CWE-119

21 Apr 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-21 13:16

Updated : 2026-04-22 17:37

NVD link : CVE-2026-6767

Mitre link : CVE-2026-6767

CVE.ORG link : CVE-2026-6767

JSON object : View

Products Affected

mozilla

firefox
thunderbird

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.3 /10