Denial-of-Service Vulnerability in Firefox's ImageLib Component
CVE-2026-12325

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-12325?

A Denial-of-Service vulnerability has been identified in the Graphics: ImageLib component of Firefox. If exploited, this vulnerability can cause the affected product to become unresponsive, impacting user experience significantly. The issue has been addressed in Firefox version 152 and specific releases of Firefox ESR, making users of outdated versions susceptible to exploitation. Staying updated is crucial to maintain security.

Affected Version(s)

Firefox 115.37

Firefox 140.12

Firefox 152

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2039443

https://www.mozilla.org/security/advisories/mfsa2026-57/

https://www.mozilla.org/security/advisories/mfsa2026-58/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 15, 2026

Credit

Securin

CVE-2026-12325 Data

JSON

Mozilla

What is CVE-2026-12325?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit