CVE-2026-2781 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 25, 2026
NSS Firefox - Integer Overflow
Overview
NSS in Firefox < 148 and Firefox ESR < 140.8 contains an integer overflow caused by improper handling in the Libraries component, letting attackers potentially cause memory corruption, exploit requires crafted input.
Severity & Score
Impact
Attackers can cause memory corruption, potentially leading to denial of service or code execution.
Mitigation
Update to Firefox 148, Firefox ESR 140.8 or later.
References
Social Media Activity(1 post)
Ubuntu 20.04 LTS NSS Critical DoS Risk USN-8071-2 CVE-2026-2781 NSS could be made to crash or run programs if it received specially crafted network traffic. https://mastodon.social/tags/Ubuntu https://mastodon.social/tags/Linux https://mastodon.social/tags/Distribution https://mastodon.social/tags/- https://mastodon.social/tags/Security https://mastodon.social/tags/Advisories https://linuxsecurity.com/advisories/ubuntu/ubuntu-nss-8071-2 | https://awakari.com/sub-details.html?id=linux | https://awakari.com/pub-msg.html?id=JMjR3agBIQGxKNAubTuFlvJD58K&interestId=linux
View original postRelated Resources
Details
- CVE ID
- CVE-2026-2781
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- integer_overflow
- Status
- confirmed
- EPSS
- 4.5%
- Social Posts
- 1
CWE
- CWE-190
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H