Platform
firefox
Component
nss
Fixed in
150.0.0
CVE-2026-6772 describes a boundary condition vulnerability discovered in the Libraries component of Network Security Services (NSS). This flaw can potentially lead to a denial-of-service (DoS) condition, impacting the stability and availability of applications relying on NSS. The vulnerability affects versions 115.0.0 through 140.* and has been resolved in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
An attacker could exploit this boundary condition vulnerability to trigger a denial-of-service (DoS) attack. This means they could crash or hang applications utilizing the affected NSS libraries, effectively disrupting service. The impact is primarily related to availability; however, a prolonged DoS could indirectly lead to data loss or other security compromises if critical services become unavailable. While the specific attack vector isn't detailed, the nature of boundary condition vulnerabilities often involves carefully crafted inputs designed to trigger unexpected behavior and resource exhaustion within the library.
CVE-2026-6772 was published on 2026-04-21. Its exploitation probability is currently pending evaluation. No proof-of-concept (PoC) code has been publicly released as of this writing. It is not currently listed on CISA KEV or EPSS, indicating a low immediate threat level, but ongoing monitoring is recommended.
Exploit status
EPSS
0.05% (15th percentile)
The primary mitigation for CVE-2026-6772 is to upgrade to a patched version of NSS. Specifically, upgrade Firefox to version 150, Firefox ESR to version 115.35 or 140.10, or Thunderbird to version 150 or 140.10. If immediate upgrading is not feasible, consider implementing temporary workarounds such as input validation on data processed by NSS libraries. While a WAF or proxy cannot directly mitigate this vulnerability, they can help protect against malicious inputs that could trigger the flaw. After upgrading, confirm the fix by attempting to reproduce the vulnerability with known attack vectors (if available) or by monitoring system stability for any unexpected behavior.
Update Firefox to version 150 or later, Firefox ESR to version 115.35 or later, or Thunderbird to version 150 or later to mitigate this incorrect-boundary vulnerability in the NSS library. The update patches the vulnerability and prevents possible exploits.
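The upgrade guidance above can be turned into a fleet check. The following is an added example, not code from Mozilla or from the original page: it classifies version banners against the fixed versions listed here. The banner format (as printed by `firefox --version`), the status names and the handling of branches with no listed fix are assumptions, and the inventory is constructed sample data.

```python
import re

# Fixed versions per release branch, as listed on this page.
FIXED = {
    "firefox": {115: (115, 35), 140: (140, 10)},
    "thunderbird": {140: (140, 10)},
}
FIRST_FIXED_RELEASE = 150            # Firefox 150 / Thunderbird 150
AFFECTED_MAJORS = range(115, 141)    # page: 115.0.0 through 140.*

def parse_banner(banner):
    """Return (product, major, minor) from e.g. 'Mozilla Firefox 140.9.0esr'."""
    m = re.search(r"(firefox|thunderbird)\D*?(\d+)\.(\d+)", banner, re.I)
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return m.group(1).lower(), int(m.group(2)), int(m.group(3))

def classify(banner):
    """Map one version banner to 'patched', 'vulnerable' or 'unlisted'."""
    product, major, minor = parse_banner(banner)
    if major >= FIRST_FIXED_RELEASE:
        return "patched"
    fix = FIXED[product].get(major)
    if fix is not None:
        return "patched" if (major, minor) >= fix else "vulnerable"
    if major in AFFECTED_MAJORS:
        # Assumption: a branch inside the affected range with no fix listed
        # on the page (e.g. 128.x) is treated as vulnerable.
        return "vulnerable"
    # Outside the range the page states (below 115, or 141-149): no verdict.
    return "unlisted"

def audit(inventory):
    """inventory: {host: banner}. Returns hosts that are not 'patched'."""
    return {h: s for h, b in inventory.items() if (s := classify(b)) != "patched"}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ws-01": "Mozilla Firefox 150.0",
    "ws-02": "Mozilla Firefox 140.9.0esr",
    "ws-03": "Mozilla Firefox 115.35.0esr",
    "ws-04": "Mozilla Thunderbird 140.10.0esr",
    "ws-05": "Mozilla Firefox 128.5.0esr",
    "ws-06": "Mozilla Firefox 102.15.0esr",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status} ({SAMPLE[host]})")
```

Hosts reported as `unlisted` fall outside the affected range this page states and need a manual decision rather than an automatic pass.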
CVE-2026-6772 is a vulnerability in the NSS Libraries component that can lead to a denial-of-service. It affects versions 115.0.0–140.* and allows an attacker to potentially crash applications using NSS.
You are potentially affected if you are using NSS versions between 115.0.0 and 140.* in applications like Firefox, Firefox ESR, or Thunderbird. Check your version and upgrade if necessary.
Upgrade to a patched version: Firefox 150, Firefox ESR 115.35 or 140.10, or Thunderbird 150 or 140.10. Consider input validation as a temporary workaround if upgrading is not immediately possible.
As of now, there are no publicly known active exploits or campaigns targeting CVE-2026-6772. However, ongoing monitoring is recommended.
Refer to the Mozilla Security Advisories page for details: https://www.mozilla.org/en-US/security/advisories/