Privilege Escalation in Firefox WebRender Component
CVE-2026-12289

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-12289?

A vulnerability exists in the Graphics: WebRender component of Firefox that allows for privilege escalation. This issue has the potential to enable attackers to gain elevated permissions, which could compromise system integrity. Mozilla has since addressed this issue in Firefox version 152, as well as in Firefox ESR versions 140.12 and 115.37. Users are encouraged to update their browsers to ensure compliance with security standards and protect against potential exploits.

Affected Version(s)

Firefox 115.37

Firefox 140.12

Firefox 152

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2023443

https://www.mozilla.org/security/advisories/mfsa2026-57/

https://www.mozilla.org/security/advisories/mfsa2026-58/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 15, 2026

Credit

choeseyeong

CVE-2026-12289 Data

JSON