Memory Safety Vulnerabilities in Firefox and Thunderbird from Mozilla
CVE-2026-12328

8.1HIGH

Key Information:

Vendor

Mozilla

Vendor
CVE Published:
16 June 2026

What is CVE-2026-12328?

Memory safety vulnerabilities have been identified in multiple versions of Firefox ESR and Thunderbird, including instances of memory corruption. These flaws could potentially be exploited to execute arbitrary code if leveraged thoughtfully by an attacker. Mozilla has addressed and remediated these security issues with updates in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. Users are strongly advised to upgrade to these recommended versions to mitigate associated risks.

Affected Version(s)

Firefox 115.37

Firefox 140.12

Firefox 152

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team
.