Information Disclosure and Sandbox Escape in Mozilla Firefox
CVE-2026-12313

4.7MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-12313?

This vulnerability pertains to information disclosure and sandbox escaping within the Security: Process Sandboxing component of Mozilla Firefox. An attacker could exploit this vulnerability to gain unauthorized access to sensitive data or execute malicious actions outside of the intended sandbox environment. It is critically important for users to update to the latest versions of Firefox (152 and Firefox ESR 140.12) to safeguard against these potential exploits and enhance their cybersecurity posture.

Affected Version(s)

Firefox 140.12

Firefox 152

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2040477

https://www.mozilla.org/security/advisories/mfsa2026-57/

https://www.mozilla.org/security/advisories/mfsa2026-58/

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 15, 2026

Credit

evyatar

CVE-2026-12313 Data

JSON