View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2026-6772 not yet assigned priority: Debian including 4 source packages (firefox, firefox-esr, nss, thunderbird), 16 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 14, open 2.
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.