CVE-2026-12328
HIGHMemory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Title source: cnaDescription
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
References (25)
Core 25
Core References
High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029402%2C2038477%2C2039726%2C2041373%2C2042268%2C2042451%2C2042782%2C2042858%2C2042929%2C2042965%2C2043213
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:27717
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:27733
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:27734
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:29940
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:30846
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-12328
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2489218
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:33445
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36100
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36101
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36102
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:36103
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:37210
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:37391
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38506
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38750
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38751
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:38753
Scores
CVSS v3
8.1
EPSS
0.0048
EPSS Percentile
37.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-120
CWE-825
Status
published
Products (9)
mozilla/firefox
< 115.37.0
mozilla/firefox
< 152.0
Mozilla/Firefox
115.37 - 115.*
Mozilla/Firefox
140.12 - 140.*
Mozilla/Firefox
152
mozilla/thunderbird
< 152.0.0
mozilla/thunderbird
140.0 - 140.12.0
Mozilla/Thunderbird
140.12 - 140.*
Mozilla/Thunderbird
152
Published
Jun 16, 2026
Tracked Since
Jun 16, 2026