Memory Safety Vulnerabilities in Firefox and Thunderbird from Mozilla
CVE-2026-12328
8.1HIGH
What is CVE-2026-12328?
Memory safety vulnerabilities have been identified in multiple versions of Firefox ESR and Thunderbird, including instances of memory corruption. These flaws could potentially be exploited to execute arbitrary code if leveraged thoughtfully by an attacker. Mozilla has addressed and remediated these security issues with updates in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. Users are strongly advised to upgrade to these recommended versions to mitigate associated risks.
Affected Version(s)
Firefox 115.37
Firefox 140.12
Firefox 152
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team