From nobody Wed Apr 29 15:02:22 2026 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g5LBR2hcxz6bm7q for ; Wed, 29 Apr 2026 15:02:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4g5LBQ3gMYz3LdX for ; Wed, 29 Apr 2026 15:02:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777474942; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YujIB1IMCfbXa6UayyrlrubxBE+aUyFLbQ1tXEFvabA=; b=gNP4XlVg55GM5OVZWCYVvT9UtKKpI0jKrF6piEa7FnZQbofjCuIWs+sSXjTGJlFA7TeE/O gf6uf+i28NTNR6plSi9Ib9gP6SDqbCvpo/tGDl+UHrCtKrcNXu9gv6WK1fONzWXqzc2cIu VZb+z61GbllGkzzbTaW7brsyESoUkIjABebVFIUfFNAOxHSk8A9sZy/Iy/HP6/osdpZO++ WxSS5Jjs5deoQKYOq2VTbR9fcLIgTVihhWN4hY2KijyS/5uQiL0B/DvUzm2HiVIClIPNp0 Pum9H2QaP172Tn8V8DVVJS5LBYhF7vskN04B8EwKZDEUpDzN4+4nqKmaj+b0Jg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1777474942; a=rsa-sha256; cv=none; b=xffTWcdswU23r3SW0bWc8bhLQOeAJOL6pTvwEeysiLTv5+gHva64CmjsUS/uFzgTnwEByd kK/7GbzJE7pDmHxwPK6OKSZohdrNwOfZ8HverXK7dJEiBgO5obmLP4XweNQ4GfMctqIrZT 8mtW0cxrBS5RuW+W1Yz2So4hzEOJChLuvoVZtWO8I5ViG4JXN+tPXKCjJA6MeGTs3zVb0g 91PhKvs1QS9gOUrsbGmGaEvfz+LI+Ax2teN+UoWwyRcsBSFfE8ylw4fJnsglWbFRBPOVMu 1f+lg2Nf1xua5f6B8leU+hT8Q7kcPimn42upvSHwBvLPQJTmpcq5OBA3tcNBwg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777474942; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YujIB1IMCfbXa6UayyrlrubxBE+aUyFLbQ1tXEFvabA=; b=DoCW6YJEV410PTCz8payz9S+gceorqH1u3Jt9nT6fdZszWVaDzSiTWfDDprK0qAylo9Gqr it952O5ex+MTmeLX6sK2ExFS9Xp9NNM+GAtsU1Jil5rGwgW72aVwUKiqHmx0UhlsCENzta ZGU5R9V0fnsP6UlDqlLSMQildUwNx9E85vBJ8JZjMI6ym05NYGee3l1/Ojp1qDwGar3Qlh M4kD2zwEzMZ1t0lKtzYY1IwpAuoZkAFgFj6QXQEtbN8VbRt0GjcXxET9JEkXAvioJoYVZw QQS+Itti7ZpGsZS5OonKFPyaNe+9C05CzKhgg2uZY+olKR+sQgOtahV+1JifFQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4g5LBQ2tWhzm9S for ; Wed, 29 Apr 2026 15:02:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3ddc5 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 29 Apr 2026 15:02:22 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Fernando Apeste=?utf-8?Q?gu=C3=ADa?= Subject: git: 32bc1f34625a - main - security/vuxml: Add Mozilla vulnerabilities List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 32bc1f34625a622e8fce34da4e94ac8ed30e5dda Auto-Submitted: auto-generated Date: Wed, 29 Apr 2026 15:02:22 +0000 Message-Id: <69f21d7e.3ddc5.3a0505f6@gitrepo.freebsd.org> The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=32bc1f34625a622e8fce34da4e94ac8ed30e5dda commit 32bc1f34625a622e8fce34da4e94ac8ed30e5dda Author: Fernando ApesteguĂ­a AuthorDate: 2026-04-28 14:56:18 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2026-04-29 15:01:56 +0000 security/vuxml: Add Mozilla vulnerabilities * CVE-2026-6786 * CVE-2026-6785 * CVE-2026-6784 * CVE-2026-6783 * CVE-2026-6782 * CVE-2026-6781 * CVE-2026-6780 * CVE-2026-6779 * CVE-2026-6778 * CVE-2026-6777 * CVE-2026-6776 * CVE-2026-6775 * CVE-2026-6774 * CVE-2026-6773 * CVE-2026-6772 * CVE-2026-6771 * CVE-2026-6770 * CVE-2026-6769 * CVE-2026-6768 * CVE-2026-6767 * CVE-2026-6766 * CVE-2026-6765 * CVE-2026-6764 * CVE-2026-6763 * CVE-2026-6762 * CVE-2026-6761 * CVE-2026-6760 * CVE-2026-6759 * CVE-2026-6758 * CVE-2026-6757 * CVE-2026-6756 * CVE-2026-6755 * CVE-2026-6754 * CVE-2026-6753 * CVE-2026-6752 * CVE-2026-6751 * CVE-2026-6750 * CVE-2026-6749 * CVE-2026-6748 * CVE-2026-6747 * CVE-2026-6746 --- security/vuxml/vuln/2026.xml | 1486 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1486 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index ce757517f870..b97db0d362bc 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,1489 @@ + + Mozilla -- Sandbox escape + + + firefox + 150.0.0,2 + + + firefox + 140.10.1 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2029461 reports:

+
+

+ Sandbox escape due to incorrect boundary conditions in the + WebRTC: Networking component. +

+
+ + + + CVE-2026-7321 + https://cveawg.mitre.org/api/cve/CVE-2026-7321 + + + 2026-04-28 + 2026-04-29 + + + + + firefox -- Memory safety bugs + + + firefox + 150.0.1,2 + + + firefox-esr + 140.10.0 + + + + +

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040 reports:

+
+

+ Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. +

+
+ + + + CVE-2026-7322 + https://cveawg.mitre.org/api/cve/CVE-2026-7322 + + + 2026-04-28 + 2026-04-29 + + + + + firefox -- Information disclosure + + + firefox + 150.0.1,2 + + + firefox-esr + 140.10.1 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2027433 reports:

+
+

+ Information disclosure due to incorrect boundary + conditions in the Audio/Video component. +

+
+ + + + CVE-2026-7320 + https://cveawg.mitre.org/api/cve/CVE-2026-7320 + + + 2026-04-28 + 2026-04-29 + + + + + firefox -- Memory safety bugs + + + firefox + 150.0.1,2 + + + + +

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029419%2C2029717%2C2029769%2C2029886 reports:

+
+

+ Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. +

+
+ + + + CVE-2026-7324 + https://cveawg.mitre.org/api/cve/CVE-2026-7324 + + + 2026-04-28 + 2026-04-29 + + + + + firefox -- Information disclosure + + + firefox + 150.0.1,2 + + + firefox-esr + 140.10.1 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2027433 reports:

+
+

+ Information disclosure due to incorrect boundary + conditions in the Audio/Video component. +

+
+ + + + CVE-2026-7320 + https://cveawg.mitre.org/api/cve/CVE-2026-7320 + + + 2026-04-28 + 2026-04-29 + + + + + Mozilla -- Memory safety bugs + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2010727%2C2019004%2C2019224%2C2019547%2C2020378%2C2022381%2C2022608%2C2022785%2C2023120%2C2023128%2C2023140%2C2023279%2C2023836%2C2023882%2C2023925%2C2023950%2C2023959%2C2023965%2C2024243%2C2024245%2C2024247%2C2024253%2C2024346%2C2024357%2C2024416%2C2024420%2C2024429%2C2024432%2C2024455%2C2024466%2C2024468%2C2024476%2C2024664%2C2024666%2C2024669%2C2024670%2C2024671%2C2024761%2C2024918%2C2025292%2C2025332%2C2025348%2C2025384%2C2025395%2C2025458%2C2025461%2C2025463%2C2025481%2C2025483%2C2025485%2C2025494%2C2025506%2C2025511%2C2025513%2C2025520%2C2026277%2C2026282%2C2026288%2C2026289%2C2026311%2C2026312%2C2026869%2C2027152%2C2027161%2C2027238%2C2027261%2C2027269%2C2027274%2C2027280%2C2027281%2C2027300%2C2027302%2C2027331%2C2027339%2C2027340%2C2027738%2C2027975%2C2028000%2C2028011%2C2028289%2C2028525%2C2028728%2C2028887%2C2028888%2C2028896%2C2029063%2C2029064%2C2029290%2C2029291%2C2029294%2C2029300%2C2029304%2C2029316%2C202931 7%2C2029401%2C2029415%2C2029430%2C2029457%2C2029727%2C2029735%2C2029743%2C2029752%2C2029754%2C2029776%2C2029809%2C2030324%2C2030370 reports:

+
+

+ Memory safety bugs present. Some of these bugs showed + evidence of memory corruption and we presume that with + enough effort some of these could have been exploited to + run arbitrary code. +

+
+ + + + CVE-2026-6786 + https://cveawg.mitre.org/api/cve/CVE-2026-6786 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Memory safety bugs + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2C1999158%2C2015952%2C2021909%2C2022026%2C2022041%2C2022088%2C2022276%2C2022335%2C2022338%2C2022373%2C2022597%2C2022874%2C2023276%2C2023544%2C2023551%2C2023599%2C2023608%2C2023814%2C2024233%2C2024239%2C2024241%2C2024242%2C2024250%2C2024251%2C2024343%2C2024422%2C2024425%2C2024440%2C2024442%2C2024446%2C2024458%2C2024463%2C2024478%2C2024650%2C2024653%2C2024654%2C2024655%2C2024656%2C2024661%2C2024662%2C2024668%2C2024919%2C2025278%2C2025349%2C2025350%2C2025354%2C2025360%2C2025363%2C2025370%2C2025379%2C2025381%2C2025399%2C2025400%2C2025403%2C2025407%2C2025415%2C2025420%2C2025427%2C2025429%2C2025430%2C2025479%2C2025489%2C2025493%2C2025497%2C2025502%2C2025515%2C2025517%2C2025526%2C2025609%2C2025948%2C2025949%2C2025951%2C2025953%2C2025955%2C2025962%2C2025969%2C2025970%2C2025971%2C2025973%2C2025976%2C2025977%2C2026280%2C2026285%2C2026293%2C2026296%2C2026310%2C2027237%2C2027260%2C2027268%2C2027277%2C2027284%2C2027291%2C202729 3%2C2027298%2C2027330%2C2027342%2C2027345%2C2027359%2C2027365%2C2027378%2C2027754%2C2027959%2C2027962%2C2027964%2C2027971%2C2027974%2C2027979%2C2027982%2C2027995%2C2028001%2C2028267%2C2028268%2C2028275%2C2028288%2C2028290%2C2028291%2C2028528%2C2028551%2C2028627%2C2028879%2C2028889%2C2029061%2C2029071%2C2029283%2C2029296%2C2029314%2C2029323%2C2029411%2C2029423%2C2029424%2C2029425%2C2029427%2C2029436%2C2029440%2C2029449%2C2029450%2C2029458%2C2029462%2C2029468%2C2029472%2C2029690%2C2029707%2C2029708%2C2029728%2C2029802%2C2029896%2C2029906%2C2030106%2C2030118%2C2030123%2C2030135%2C2030230%2C2030320 reports:

+
+

+ Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. +

+
+ + + + CVE-2026-6785 + https://cveawg.mitre.org/api/cve/CVE-2026-6785 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Memory safety bugs + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C2024369%2C2024424%2C2024760%2C2025281%2C2025361%2C2025387%2C2025466%2C2025954%2C2025958%2C2026278%2C2026292%2C2026297%2C2026378%2C2027148%2C2027287%2C2027341%2C2027384%2C2027427%2C2027694%2C2027993%2C2028009%2C2028270%2C2028416%2C2028524%2C2029295%2C2029301%2C2029461%2C2029699%2C2029800%2C2029801 reports:

+
+

+ Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code. +

+
+ + + + CVE-2026-6784 + https://cveawg.mitre.org/api/cve/CVE-2026-6784 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2027564 reports:

+
+

+ Incorrect boundary conditions, integer overflow in the + Audio/Video: Playback component. +

+
+ + + + CVE-2026-6783 + https://cveawg.mitre.org/api/cve/CVE-2026-6783 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Information disclosure in the IP Protection component + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2026571 reports:

+
+

Information disclosure in the IP Protection component.

+
+ + + + CVE-2026-6782 + https://cveawg.mitre.org/api/cve/CVE-2026-6782 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Denial-of-service + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2025583 reports:

+
+

Denial-of-service in the Audio/Video: Playback component.

+
+ + + + CVE-2026-6781 + https://cveawg.mitre.org/api/cve/CVE-2026-6781 + CVE-2026-6780 + https://cveawg.mitre.org/api/cve/CVE-2026-6780 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Other issue in the JavaScript Engine component + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2023343 reports:

+
+

Other issue in the JavaScript Engine component.

+
+ + + + CVE-2026-6779 + https://cveawg.mitre.org/api/cve/CVE-2026-6779 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Invalid pointer + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0,2 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2022746 reports:

+
+

Invalid pointer in the Audio/Video: Playback component.

+
+ + + + CVE-2026-6778 + https://cveawg.mitre.org/api/cve/CVE-2026-6778 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Other issue in the Networking: DNS component + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2022726 reports:

+
+

Other issue in the Networking: DNS component.

+
+ + + + CVE-2026-6777 + https://cveawg.mitre.org/api/cve/CVE-2026-6777 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Incorrect boundary conditions + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2021770 reports:

+
+

+ Incorrect boundary conditions in the WebRTC: Networking + component. +

+
+ + + + CVE-2026-6776 + https://cveawg.mitre.org/api/cve/CVE-2026-6776 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Incorrect boundary conditions in the WebRTC component + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2021768 reports:

+
+

Incorrect boundary conditions in the WebRTC component.

+
+ + + + CVE-2026-6775 + https://cveawg.mitre.org/api/cve/CVE-2026-6775 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Mitigation bypass + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2016915 reports:

+
+

Mitigation bypass in the DOM: Security component.

+
+ + + + CVE-2026-6774 + https://cveawg.mitre.org/api/cve/CVE-2026-6774 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Denial-of-service + + + firefox + 150.0.0,2 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2015959 reports:

+
+

+ Denial-of-service due to integer overflow in the Graphics: + WebGPU component. +

+
+ + + + CVE-2026-6773 + https://cveawg.mitre.org/api/cve/CVE-2026-6773 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Incorrect boundary conditions + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2026089 reports:

+
+

+ Incorrect boundary conditions in the Libraries component + in NSS. +

+
+ + + + CVE-2026-6772 + https://cveawg.mitre.org/api/cve/CVE-2026-6772 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Mitigation bypass + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2025067 reports:

+
+

Mitigation bypass in the DOM: Security component.

+
+ + + + CVE-2026-6771 + https://cveawg.mitre.org/api/cve/CVE-2026-6771 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Other issue in the Storage: IndexedDB component + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2024220 reports:

+
+

Other issue in the Storage: IndexedDB component.

+
+ + + + CVE-2026-6770 + https://cveawg.mitre.org/api/cve/CVE-2026-6770 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Privilege escalation in the Debugger component + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2023753 reports:

+
+

Privilege escalation in the Debugger component.

+
+ + + + CVE-2026-6769 + https://cveawg.mitre.org/api/cve/CVE-2026-6769 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Mitigation bypass + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2023615 reports:

+
+

Mitigation bypass in the Networking: Cookies component.

+
+ + + + CVE-2026-6768 + https://cveawg.mitre.org/api/cve/CVE-2026-6768 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Other issue in the Libraries component in NSS + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2023209 reports:

+
+

Other issue in the Libraries component in NSS.

+
+ + + + CVE-2026-6767 + https://cveawg.mitre.org/api/cve/CVE-2026-6767 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Incorrect boundary conditions + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2023207 reports:

+
+

+ Incorrect boundary conditions in the Libraries component + in NSS. +

+
+ + + + CVE-2026-6766 + https://cveawg.mitre.org/api/cve/CVE-2026-6766 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Information disclosure + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2022419 reports:

+
+

Information disclosure in the Form Autofill component.

+
+ + + + CVE-2026-6765 + https://cveawg.mitre.org/api/cve/CVE-2026-6765 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Incorrect boundary conditions + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird + 150.0.0 + + + + +

https://bugzilla.mozilla.org/show_bug.cgi?id=2022162 reports:

+
+

+ Incorrect boundary conditions in the DOM: Device Interfaces + component. +

+
+ + + + CVE-2026-6764 + https://cveawg.mitre.org/api/cve/CVE-2026-6764 + + + 2026-04-21 + 2026-04-28 + + + + + Mozilla -- Mitigation bypass + + + firefox + 150.0.0,2 + + + firefox-esr + 140.10.0 + + + thunderbird *** 564 LINES SKIPPED ***