Vulnerability-Lookup

alsa-2026:27733

Vulnerability from osv_almalinux

Published

2026-06-22 00:00

Modified

2026-06-23 10:17

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)
firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)
firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)
firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)
firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)
firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)
firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)
firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)
firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)
firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)
firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)
firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)
firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:27733	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-12289	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12290	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12291	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12292	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12294	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12295	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12296	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12297	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12298	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12299	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12302	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12304	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12305	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12306	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12307	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12308	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12309	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12310	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12311	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12312	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12313	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12314	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12315	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12324	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12325	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12327	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12328	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12329	REPORT
	https://access.redhat.com/security/cve/CVE-2026-12330	REPORT
	https://bugzilla.redhat.com/2489207	REPORT
	https://bugzilla.redhat.com/2489208	REPORT
	https://bugzilla.redhat.com/2489209	REPORT
	https://bugzilla.redhat.com/2489210	REPORT
	https://bugzilla.redhat.com/2489211	REPORT
	https://bugzilla.redhat.com/2489212	REPORT
	https://bugzilla.redhat.com/2489214	REPORT
	https://bugzilla.redhat.com/2489215	REPORT
	https://bugzilla.redhat.com/2489217	REPORT
	https://bugzilla.redhat.com/2489218	REPORT
	https://bugzilla.redhat.com/2489220	REPORT
	https://bugzilla.redhat.com/2489221	REPORT
	https://bugzilla.redhat.com/2489223	REPORT
	https://bugzilla.redhat.com/2489224	REPORT
	https://bugzilla.redhat.com/2489225	REPORT
	https://bugzilla.redhat.com/2489226	REPORT
	https://bugzilla.redhat.com/2489229	REPORT
	https://bugzilla.redhat.com/2489231	REPORT
	https://bugzilla.redhat.com/2489232	REPORT
	https://bugzilla.redhat.com/2489233	REPORT
	https://bugzilla.redhat.com/2489234	REPORT
	https://bugzilla.redhat.com/2489235	REPORT
	https://bugzilla.redhat.com/2489236	REPORT
	https://bugzilla.redhat.com/2489237	REPORT
	https://bugzilla.redhat.com/2489239	REPORT
	https://bugzilla.redhat.com/2489240	REPORT
	https://bugzilla.redhat.com/2489243	REPORT
	https://bugzilla.redhat.com/2489244	REPORT
	https://bugzilla.redhat.com/2489248	REPORT
	https://errata.almalinux.org/10/ALSA-2026-27733.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.12.0-1.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)\n  * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)\n  * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)\n  * firefox: thunderbird: JIT miscompilation in the DOM: Core \u0026 HTML component (CVE-2026-12299)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)\n  * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)\n  * firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)\n  * firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)\n  * firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)\n  * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)\n  * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)\n  * firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)\n  * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)\n  * firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)\n  * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)\n  * firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)\n  * firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)\n  * firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:27733",
  "modified": "2026-06-23T10:17:02Z",
  "published": "2026-06-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:27733"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12289"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12290"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12291"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12292"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12294"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12295"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12296"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12297"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12298"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12299"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12302"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12304"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12305"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12306"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12307"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12308"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12309"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12310"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12311"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12312"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12313"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12314"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12315"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12324"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12325"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12327"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12328"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12329"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12330"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489207"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489208"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489209"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489210"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489211"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489212"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489214"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489215"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489217"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489218"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489220"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489221"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489223"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489224"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489225"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489226"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489229"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489231"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489232"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489233"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489234"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489235"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489236"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489237"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489239"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489240"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489243"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489244"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2489248"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2026-27733.html"
    }
  ],
  "related": [
    "CVE-2026-12294",
    "CVE-2026-12313",
    "CVE-2026-12311",
    "CVE-2026-12290",
    "CVE-2026-12327",
    "CVE-2026-12299",
    "CVE-2026-12329",
    "CVE-2026-12312",
    "CVE-2026-12302",
    "CVE-2026-12328",
    "CVE-2026-12330",
    "CVE-2026-12314",
    "CVE-2026-12309",
    "CVE-2026-12310",
    "CVE-2026-12325",
    "CVE-2026-12295",
    "CVE-2026-12289",
    "CVE-2026-12315",
    "CVE-2026-12296",
    "CVE-2026-12306",
    "CVE-2026-12307",
    "CVE-2026-12297",
    "CVE-2026-12305",
    "CVE-2026-12292",
    "CVE-2026-12308",
    "CVE-2026-12324",
    "CVE-2026-12304",
    "CVE-2026-12291",
    "CVE-2026-12298"
  ],
  "summary": "Important: firefox security update"
}

CVE-2026-12313 (GCVE-0-2026-12313)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-16 16:08

Title

Information disclosure, sandbox escape in the Security: Process Sandboxing component

Summary

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-269 - Improper Privilege Management

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2040477
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

evyatar

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12313",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T14:32:03.424627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T14:32:06.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "evyatar"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:38.239Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040477"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Information disclosure, sandbox escape in the Security: Process Sandboxing component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12313",
    "datePublished": "2026-06-16T11:52:46.728Z",
    "dateReserved": "2026-06-15T15:08:15.915Z",
    "dateUpdated": "2026-06-16T16:08:38.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12314 (GCVE-0-2026-12314)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 18:00

Title

Memory safety bug fixed in Firefox 152

Summary

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416 - Use After Free
CWE-787 - Out-of-bounds Write
CWE-125 - Out-of-bounds Read

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2041856
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

satyamasd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12314",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T18:13:34.491842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T18:14:35.414Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "satyamasd"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T18:00:53.179Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2041856"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Memory safety bug fixed in Firefox 152"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12314",
    "datePublished": "2026-06-16T11:52:47.771Z",
    "dateReserved": "2026-06-15T15:08:16.363Z",
    "dateUpdated": "2026-06-18T18:00:53.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12315 (GCVE-0-2026-12315)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-16 18:26

Title

Mitigation bypass in the DOM: Security component

Summary

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2042058
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Nguyen Minh

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T18:26:06.778047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T18:26:13.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nguyen Minh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:39.278Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2042058"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Mitigation bypass in the DOM: Security component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12315",
    "datePublished": "2026-06-16T11:52:48.735Z",
    "dateReserved": "2026-06-15T15:08:16.927Z",
    "dateUpdated": "2026-06-16T18:26:13.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12324 (GCVE-0-2026-12324)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-16 16:11

Title

Incorrect boundary conditions in the Graphics: CanvasWebGL component

Summary

Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-703 - Improper Check or Handling of Exceptional Conditions

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2038444
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Mihalis Haatainen

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12324",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T16:11:28.026841Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-703",
                "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T16:11:30.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mihalis Haatainen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:44.115Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038444"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics: CanvasWebGL component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12324",
    "datePublished": "2026-06-16T11:52:57.719Z",
    "dateReserved": "2026-06-15T15:08:21.057Z",
    "dateUpdated": "2026-06-16T16:11:30.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12325 (GCVE-0-2026-12325)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-16 16:08

Title

Denial-of-service in the Graphics: ImageLib component

Summary

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2039443
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Securin

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12325",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T14:44:54.039699Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T14:45:18.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Securin"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:44.643Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2039443"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Denial-of-service in the Graphics: ImageLib component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12325",
    "datePublished": "2026-06-16T11:52:58.728Z",
    "dateReserved": "2026-06-15T15:08:21.546Z",
    "dateUpdated": "2026-06-16T16:08:44.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12327 (GCVE-0-2026-12327)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:53 – Updated: 2026-06-17 11:08

Title

Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Summary

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T03:55:51.877514Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T11:08:52.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:45.759Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2011842%2C2023902%2C2025512%2C2027312%2C2029444%2C2036571%2C2036900%2C2036936%2C2037995%2C2038551%2C2040717%2C2042724"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12327",
    "datePublished": "2026-06-16T11:53:00.798Z",
    "dateReserved": "2026-06-15T15:08:22.115Z",
    "dateUpdated": "2026-06-17T11:08:52.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12328 (GCVE-0-2026-12328)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:53 – Updated: 2026-06-17 03:55

Title

Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Summary

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12328",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T03:55:52.180Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:46.290Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029402%2C2038477%2C2039726%2C2041373%2C2042268%2C2042451%2C2042782%2C2042858%2C2042929%2C2042965%2C2043213"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12328",
    "datePublished": "2026-06-16T11:53:01.835Z",
    "dateReserved": "2026-06-15T15:08:22.260Z",
    "dateUpdated": "2026-06-17T03:55:52.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12329 (GCVE-0-2026-12329)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:53 – Updated: 2026-06-16 16:08

Title

Memory safety bug fixed in Thunderbird ESR 140.12

Summary

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416 - Use After Free
CWE-476 - NULL Pointer Dereference

Assigner

mozilla

References

3 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2044738
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ * (rpm)

Credits

Michael Froman

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12329",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T15:45:57.593473Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T15:46:00.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Michael Froman"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12."
            }
          ],
          "value": "Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:46.826Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2044738"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Memory safety bug fixed in Thunderbird ESR 140.12"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12329",
    "datePublished": "2026-06-16T11:53:02.833Z",
    "dateReserved": "2026-06-15T15:08:22.406Z",
    "dateUpdated": "2026-06-16T16:08:46.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12330 (GCVE-0-2026-12330)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:53 – Updated: 2026-06-16 16:08

Title

Incorrect boundary conditions in the Internationalization component

Summary

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.

Severity

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

4 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2029326
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ * (rpm)

Credits

Mozilla Fuzzing Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T15:09:18.818466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T15:09:23.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12."
            }
          ],
          "value": "Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:47.339Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029326"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Incorrect boundary conditions in the Internationalization component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12330",
    "datePublished": "2026-06-16T11:53:03.839Z",
    "dateReserved": "2026-06-15T15:08:22.804Z",
    "dateUpdated": "2026-06-16T16:08:47.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2026:27733

Vulnerability from osv_almalinux

CVE-2026-12313 (GCVE-0-2026-12313)

CVE-2026-12314 (GCVE-0-2026-12314)

CVE-2026-12315 (GCVE-0-2026-12315)

CVE-2026-12324 (GCVE-0-2026-12324)

CVE-2026-12325 (GCVE-0-2026-12325)

CVE-2026-12327 (GCVE-0-2026-12327)

CVE-2026-12328 (GCVE-0-2026-12328)

CVE-2026-12329 (GCVE-0-2026-12329)

CVE-2026-12330 (GCVE-0-2026-12330)

Tags

Sightings

Nomenclature