CVE-2026-12328

HIGH

Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Title source: cna
STIX 2.1

Description

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

References (25)

Core 25
Core References
High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029402%2C2038477%2C2039726%2C2041373%2C2042268%2C2042451%2C2042782%2C2042858%2C2042929%2C2042965%2C2043213

Scores

CVSS v3 8.1
EPSS 0.0048
EPSS Percentile 37.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-120 CWE-825
Status published
Products (9)
mozilla/firefox < 115.37.0
mozilla/firefox < 152.0
Mozilla/Firefox 115.37 - 115.*
Mozilla/Firefox 140.12 - 140.*
Mozilla/Firefox 152
mozilla/thunderbird < 152.0.0
mozilla/thunderbird 140.0 - 140.12.0
Mozilla/Thunderbird 140.12 - 140.*
Mozilla/Thunderbird 152
Published Jun 16, 2026
Tracked Since Jun 16, 2026