Memory Safety Bugs in Firefox ESR 140.11 and Thunderbird ESR 140.11 by Mozilla
CVE-2026-12327

8.1HIGH

Key Information:

Vendor

Mozilla

Vendor
CVE Published:
16 June 2026

What is CVE-2026-12327?

In various versions of Mozilla’s Firefox ESR and Thunderbird, memory safety vulnerabilities have been identified. These bugs expose the products to potential memory corruption, which could allow attackers to exploit the system and execute arbitrary code if sufficient effort is applied. Patches for these vulnerabilities have been released in newer versions, enhancing the security of the affected products.

Affected Version(s)

Firefox 140.12

Firefox 152

Thunderbird 140.12

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team
.