Detections
Analytics

CVE-2026-2781

critical

Description

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.

References

https://www.mozilla.org/security/advisories/mfsa2026-31/

https://www.mozilla.org/security/advisories/mfsa2026-17/

https://www.mozilla.org/security/advisories/mfsa2026-16/

https://www.mozilla.org/security/advisories/mfsa2026-15/

https://www.mozilla.org/security/advisories/mfsa2026-13/

https://lists.debian.org/debian-lts-announce/2026/03/msg00012.html

https://bugzilla.mozilla.org/show_bug.cgi?id=2009552

Details

Source: Mitre, NVD

Published: 2026-02-24

Updated: 2026-04-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00018