CVE-2026-12318 - Vulnerability Details - OpenCVE

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Mozilla	Firefox

No data.

No data.

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=2023478
https://www.mozilla.org/security/advisories/mfsa2026-57/
https://www.mozilla.org/security/advisories/mfsa2026-60/

History

Tue, 16 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 16 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description	Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152.	Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
References		https://www.mozilla.org/security/advisories/mfsa2026-60/

Tue, 16 Jun 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox
Vendors & Products		Mozilla Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152.
Title		Incorrect boundary conditions in the Libraries component in NSS
References		https://bugzilla.mozilla.org/show_bug.cgi?id=2023478 https://www.mozilla.org/security/advisories/mfsa2026-57/

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2026-06-16T11:52:51.844Z

Updated: 2026-06-16T18:07:00.082Z

Reserved: 2026-06-15T15:08:18.136Z

Link: CVE-2026-12318

Vulnrichment

Updated: 2026-06-16T18:04:13.729Z

NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:32.463

Modified: 2026-06-16T19:16:34.230

Link: CVE-2026-12318

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12318", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-06-15T15:08:18.136Z", "datePublished": "2026-06-16T11:52:51.844Z", "dateUpdated": "2026-06-16T18:07:00.082Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "152", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "152", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152."}]}], "title": "Incorrect boundary conditions in the Libraries component in NSS", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023478"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"}], "credits": [{"lang": "en", "value": "Haruto Kimura"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-06-16T16:08:40.834Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-16T18:04:22.429929Z", "id": "CVE-2026-12318", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T18:07:00.082Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-12318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-16T18:04:22.429929Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T18:04:13.729Z"}}], "cna": {"title": "Incorrect boundary conditions in the Libraries component in NSS", "credits": [{"lang": "en", "value": "Haruto Kimura"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "152", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "152", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023478"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"}], "descriptions": [{"lang": "en", "value": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.", "supportingMedia": [{"type": "text/html", "value": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-06-16T16:08:40.834Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12318", "state": "PUBLISHED", "dateUpdated": "2026-06-16T18:07:00.082Z", "dateReserved": "2026-06-15T15:08:18.136Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2026-06-16T11:52:51.844Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}