Memory Safety Vulnerabilities in Firefox and Thunderbird from Mozilla
CVE-2026-12328

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-12328?

Memory safety vulnerabilities have been identified in multiple versions of Firefox ESR and Thunderbird, including instances of memory corruption. These flaws could potentially be exploited to execute arbitrary code if leveraged thoughtfully by an attacker. Mozilla has addressed and remediated these security issues with updates in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. Users are strongly advised to upgrade to these recommended versions to mitigate associated risks.

Affected Version(s)

Firefox 115.37

Firefox 140.12

Firefox 152

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029402%2...

https://www.mozilla.org/security/advisories/mfsa2026-57/

https://www.mozilla.org/security/advisories/mfsa2026-58/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 15, 2026

Credit

Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team

CVE-2026-12328 Data

JSON