CVE-2026-12298
MEDIUMMozilla Firefox - Memory Safety Bug Fixed in Thunderbird 152
Title source: ruleDescription
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
References (24)
Core 24
Core References
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:27717
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:27733
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:27734
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:29940
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:30846
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-12298
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2489248
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:33445
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36100
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36101
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36102
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36103
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:37210
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:37391
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38506
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38750
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38751
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38753
Scores
CVSS v3
5.4
EPSS
0.0031
EPSS Percentile
22.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
CWE-416
CWE-787
CWE-843
Status
published
Products (8)
mozilla/firefox
< 152.0
mozilla/firefox
140.0 - 140.12.0
Mozilla/Firefox
140.12 - 140.*
Mozilla/Firefox
152
mozilla/thunderbird
< 152.0.0
mozilla/thunderbird
140.0 - 140.12.0
Mozilla/Thunderbird
140.12 - 140.*
Mozilla/Thunderbird
152
Published
Jun 16, 2026
Tracked Since
Jun 16, 2026