Is Mozilla Firefox NSS affected by CVE-2026-6772?

CVE-2026-6772 is a high-severity information disclosure vulnerability in Mozilla Firefox's NSS cryptographic library that allows remote attackers to extract confidential data without authentication.

Mozilla Firefox NSS CVE-2026-6772

EUVD-2026-24113 HIGH

Improper Check for Unusual or Exceptional Conditions (CWE-754)

2026-04-21 mozilla

GHSA-c2q7-642g-3vwr

Information Disclosure Mozilla

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 22, 2026 - 00:35 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 22, 2026 - 00:22 vuln.today

cvss_changed

Analysis Generated

Apr 21, 2026 - 20:25 vuln.today

CVSS changed

Apr 21, 2026 - 20:22 NVD

7.5 (HIGH)

DescriptionNVD

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

AnalysisAI

Information disclosure in Mozilla Firefox NSS Library component allows remote unauthenticated attackers to extract high-value confidential data via network-accessible boundary condition errors. Affects Firefox versions prior to 150, ESR 115.x prior to 115.35, and ESR 140.x prior to 140.10. …

RemediationAI

Within 24 hours: inventory all Firefox and Firefox ESR instances across the organization using endpoint management or asset discovery tools; identify users with versions prior to 150 (Firefox) or 115.35/140.10 (ESR). Within 7 days: mandate upgrade to Firefox 150 or ESR 115.35/140.10 or later across all affected endpoints; prioritize devices handling high-sensitivity data or accessing authentication systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6772 vulnerability details – vuln.today

Back

Mozilla Firefox NSS CVE-2026-6772

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code