Memory Safety Bugs in Firefox ESR 140.11 and Thunderbird ESR 140.11 by Mozilla
CVE-2026-12327
8.1HIGH
What is CVE-2026-12327?
In various versions of Mozilla’s Firefox ESR and Thunderbird, memory safety vulnerabilities have been identified. These bugs expose the products to potential memory corruption, which could allow attackers to exploit the system and execute arbitrary code if sufficient effort is applied. Patches for these vulnerabilities have been released in newer versions, enhancing the security of the affected products.
Affected Version(s)
Firefox 140.12
Firefox 152
Thunderbird 140.12
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team