CVE-2026-6766
Public on 2026-04-21
Modified on 2026-04-23
Description
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Firefox Extra | firefox | 2026-05-14 | ALAS2FIREFOX-2026-058 | Fixed |
| Amazon Linux 2023 | firefox | 2026-05-14 | ALAS2023-2026-1652 | Fixed |
| Amazon Linux 2 - Firefox Extra | firefox-amzn-policies-generic | Not Affected | ||
| Amazon Linux 2 - Core | nss | Pending Fix | ||
| Amazon Linux 2023 | nss | 2026-05-15 | ALAS2023-2026-1703 | Fixed |
| Amazon Linux 2 - Core | thunderbird | 2026-05-14 | ALAS2-2026-3290 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |