CVE-2026-12327
HIGHMemory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Title source: cnaDescription
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
References (5)
Core 5
Core References
Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2011842%2C2023902%2C2025512%2C2027312%2C2029444%2C2036571%2C2036900%2C2036936%2C2037995%2C2038551%2C2040717%2C2042724
Scores
CVSS v3
8.1
EPSS
0.0041
EPSS Percentile
32.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (8)
mozilla/firefox
< 115.37.0
mozilla/firefox
< 152.0.0
Mozilla/Firefox
140.12 - 140.*
Mozilla/Firefox
152
mozilla/thunderbird
< 152.0.0
mozilla/thunderbird
140.0 - 140.12.0
Mozilla/Thunderbird
140.12 - 140.*
Mozilla/Thunderbird
152
Published
Jun 16, 2026
Tracked Since
Jun 16, 2026