CVE-2026-12330

MEDIUM

Mozilla Firefox - Incorrect Boundary Conditions in the Internationalization Component

Title source: rule
STIX 2.1

Description

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.

Scores

CVSS v3 5.4
EPSS 0.0016
EPSS Percentile 6.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-119
Status published
Products (5)
mozilla/firefox < 115.37.0
Mozilla/Firefox 115.37 - 115.*
Mozilla/Firefox 140.12
mozilla/thunderbird 140.0 - 140.12.0
Mozilla/Thunderbird 140.12
Published Jun 16, 2026
Tracked Since Jun 16, 2026