Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6700 vulnerabilities found for firefox by mozilla
CVE-2026-12330 (GCVE-0-2026-12330)
Vulnerability from nvd – Published: 2026-06-16 11:53 – Updated: 2026-06-16 11:53
VLAI
Title
Incorrect boundary conditions in the Internationalization component
Summary
Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.37",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37."
}
],
"value": "Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:53:03.839Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029326"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
}
],
"title": "Incorrect boundary conditions in the Internationalization component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12330",
"datePublished": "2026-06-16T11:53:03.839Z",
"dateReserved": "2026-06-15T15:08:22.804Z",
"dateUpdated": "2026-06-16T11:53:03.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12329 (GCVE-0-2026-12329)
Vulnerability from nvd – Published: 2026-06-16 11:53 – Updated: 2026-06-16 11:53
VLAI
Title
Memory safety bug fixed in Firefox ESR 140.12
Summary
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Froman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:53:02.833Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2044738"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox ESR 140.12"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12329",
"datePublished": "2026-06-16T11:53:02.833Z",
"dateReserved": "2026-06-15T15:08:22.406Z",
"dateUpdated": "2026-06-16T11:53:02.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12328 (GCVE-0-2026-12328)
Vulnerability from nvd – Published: 2026-06-16 11:53 – Updated: 2026-06-16 14:41
VLAI
Title
Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Summary
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:41:22.549300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:41:26.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.37",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37."
}
],
"value": "Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:53:01.835Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029402%2C2038477%2C2039726%2C2041373%2C2042268%2C2042451%2C2042782%2C2042858%2C2042929%2C2042965%2C2043213"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12328",
"datePublished": "2026-06-16T11:53:01.835Z",
"dateReserved": "2026-06-15T15:08:22.260Z",
"dateUpdated": "2026-06-16T14:41:26.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12327 (GCVE-0-2026-12327)
Vulnerability from nvd – Published: 2026-06-16 11:53 – Updated: 2026-06-16 11:53
VLAI
Title
Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Summary
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:53:00.798Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2011842%2C2023902%2C2025512%2C2027312%2C2029444%2C2036571%2C2036900%2C2036936%2C2037995%2C2038551%2C2040717%2C2042724"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12327",
"datePublished": "2026-06-16T11:53:00.798Z",
"dateReserved": "2026-06-15T15:08:22.115Z",
"dateUpdated": "2026-06-16T11:53:00.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12326 (GCVE-0-2026-12326)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bugs fixed in Firefox 152 and Thunderbird 152
Summary
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ashley Zebrowski, Christian Holler, Dan Baker, Jan de Mooij, Jon Coppeard, Maurice Dauer, Nicolas B. Pierron, Nika Layzell, Randell Jesup, Rob Wu, Ryan Hunt, Steve Fink, Tom Schuster, Tomoya Nakanishi, Yannis Juglaret, Serge Guelton and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152."
}
],
"value": "Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:59.767Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Moderate Severity memory safety bugs fixed in Firefox 152 and Thunderbird 152",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1767455%2C2004308%2C2024445%2C2028182%2C2029765%2C2029883%2C2030110%2C2030149%2C2030366%2C2030374%2C2030564%2C2031120%2C2033411%2C2038695%2C2042465%2C2042781%2C2042907"
},
{
"name": "Low Severity memory safety bugs fixed in Firefox 152 and Thunderbird 152",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021955%2C2025960%2C2029066%2C2029403%2C2029435%2C2029803%2C2030570%2C2030573%2C2032264%2C2033234%2C2034816%2C2035907%2C2035963%2C2036895%2C2036898%2C2036907%2C2036909%2C2036928%2C2036931%2C2036932%2C2036934%2C2039238%2C2039463"
},
{
"name": "High Severity memory safety bugs fixed in Firefox 152 and Thunderbird 152",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2039050%2C2042718%2C2042760%2C2044831%2C2045307%2C2045398%2C2045516%2C2045572%2C2041741%2C2044433"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Memory safety bugs fixed in Firefox 152 and Thunderbird 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12326",
"datePublished": "2026-06-16T11:52:59.767Z",
"dateReserved": "2026-06-15T15:08:21.967Z",
"dateUpdated": "2026-06-16T11:52:59.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12325 (GCVE-0-2026-12325)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 14:45
VLAI
Title
Denial-of-service in the Graphics: ImageLib component
Summary
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:44:54.039699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:45:18.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.37",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Securin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37."
}
],
"value": "Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:58.728Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2039443"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
}
],
"title": "Denial-of-service in the Graphics: ImageLib component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12325",
"datePublished": "2026-06-16T11:52:58.728Z",
"dateReserved": "2026-06-15T15:08:21.546Z",
"dateUpdated": "2026-06-16T14:45:18.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12324 (GCVE-0-2026-12324)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Incorrect boundary conditions in the Graphics: CanvasWebGL component
Summary
Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mihalis Haatainen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:57.719Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038444"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Incorrect boundary conditions in the Graphics: CanvasWebGL component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12324",
"datePublished": "2026-06-16T11:52:57.719Z",
"dateReserved": "2026-06-15T15:08:21.057Z",
"dateUpdated": "2026-06-16T11:52:57.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12323 (GCVE-0-2026-12323)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 14:55
VLAI
Title
Spoofing issue in the DOM: Core & HTML component
Summary
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:55:27.545235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:55:54.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jody Ritonga"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spoofing issue in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 152."
}
],
"value": "Spoofing issue in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:56.725Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2035027"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Spoofing issue in the DOM: Core \u0026 HTML component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12323",
"datePublished": "2026-06-16T11:52:56.725Z",
"dateReserved": "2026-06-15T15:08:20.648Z",
"dateUpdated": "2026-06-16T14:55:54.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12322 (GCVE-0-2026-12322)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Clickjacking issue in the Widget: Gtk component
Summary
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jivk"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152."
}
],
"value": "Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:55.781Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2033848"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Clickjacking issue in the Widget: Gtk component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12322",
"datePublished": "2026-06-16T11:52:55.781Z",
"dateReserved": "2026-06-15T15:08:19.905Z",
"dateUpdated": "2026-06-16T11:52:55.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12321 (GCVE-0-2026-12321)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
JIT miscompilation in the JavaScript: WebAssembly component
Summary
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JunYoung Park"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152."
}
],
"value": "JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:54.784Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032943"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "JIT miscompilation in the JavaScript: WebAssembly component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12321",
"datePublished": "2026-06-16T11:52:54.784Z",
"dateReserved": "2026-06-15T15:08:19.456Z",
"dateUpdated": "2026-06-16T11:52:54.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12320 (GCVE-0-2026-12320)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Information disclosure in the Password Manager component
Summary
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Av0id"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152."
}
],
"value": "Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:53.813Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2027572"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Information disclosure in the Password Manager component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12320",
"datePublished": "2026-06-16T11:52:53.813Z",
"dateReserved": "2026-06-15T15:08:18.926Z",
"dateUpdated": "2026-06-16T11:52:53.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12319 (GCVE-0-2026-12319)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 14:44
VLAI
Title
Denial-of-service in the Audio/Video: Playback component
Summary
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:43:59.513020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:44:32.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "jmwebdevelopement"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152."
}
],
"value": "Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:52.797Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2026933"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Denial-of-service in the Audio/Video: Playback component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12319",
"datePublished": "2026-06-16T11:52:52.797Z",
"dateReserved": "2026-06-15T15:08:18.531Z",
"dateUpdated": "2026-06-16T14:44:32.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12318 (GCVE-0-2026-12318)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Incorrect boundary conditions in the Libraries component in NSS
Summary
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Haruto Kimura"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152."
}
],
"value": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:51.844Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023478"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Incorrect boundary conditions in the Libraries component in NSS"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12318",
"datePublished": "2026-06-16T11:52:51.844Z",
"dateReserved": "2026-06-15T15:08:18.136Z",
"dateUpdated": "2026-06-16T11:52:51.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12317 (GCVE-0-2026-12317)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fr\u00e9d\u00e9ric Wang N\u00e9lar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:50.810Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007083"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12317",
"datePublished": "2026-06-16T11:52:50.810Z",
"dateReserved": "2026-06-15T15:08:17.711Z",
"dateUpdated": "2026-06-16T11:52:50.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12316 (GCVE-0-2026-12316)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Mitigation bypass in the DOM: Security component
Summary
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frederik Braun"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152."
}
],
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:49.781Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2045496"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Mitigation bypass in the DOM: Security component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12316",
"datePublished": "2026-06-16T11:52:49.781Z",
"dateReserved": "2026-06-15T15:08:17.309Z",
"dateUpdated": "2026-06-16T11:52:49.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12315 (GCVE-0-2026-12315)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Mitigation bypass in the DOM: Security component
Summary
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Minh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:48.735Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2042058"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Mitigation bypass in the DOM: Security component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12315",
"datePublished": "2026-06-16T11:52:48.735Z",
"dateReserved": "2026-06-15T15:08:16.927Z",
"dateUpdated": "2026-06-16T11:52:48.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12314 (GCVE-0-2026-12314)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "satyamasd"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:47.771Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2041856"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12314",
"datePublished": "2026-06-16T11:52:47.771Z",
"dateReserved": "2026-06-15T15:08:16.363Z",
"dateUpdated": "2026-06-16T11:52:47.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12313 (GCVE-0-2026-12313)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 14:32
VLAI
Title
Information disclosure, sandbox escape in the Security: Process Sandboxing component
Summary
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:32:03.424627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:32:06.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "evyatar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:46.728Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040477"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Information disclosure, sandbox escape in the Security: Process Sandboxing component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12313",
"datePublished": "2026-06-16T11:52:46.728Z",
"dateReserved": "2026-06-15T15:08:15.915Z",
"dateUpdated": "2026-06-16T14:32:06.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12312 (GCVE-0-2026-12312)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rintaro Kawasugi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:45.734Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040383"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12312",
"datePublished": "2026-06-16T11:52:45.734Z",
"dateReserved": "2026-06-15T15:08:15.534Z",
"dateUpdated": "2026-06-16T11:52:45.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12311 (GCVE-0-2026-12311)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Information disclosure, sandbox escape in the Security: Process Sandboxing component
Summary
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yaqoub Aldurayhim"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:44.738Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040177"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Information disclosure, sandbox escape in the Security: Process Sandboxing component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12311",
"datePublished": "2026-06-16T11:52:44.738Z",
"dateReserved": "2026-06-15T15:08:15.120Z",
"dateUpdated": "2026-06-16T11:52:44.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12310 (GCVE-0-2026-12310)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carl Pearson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:43.757Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2039707"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12310",
"datePublished": "2026-06-16T11:52:43.757Z",
"dateReserved": "2026-06-15T15:08:14.693Z",
"dateUpdated": "2026-06-16T11:52:43.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12309 (GCVE-0-2026-12309)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yaqoub Aldurayhim"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:42.737Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038476"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12309",
"datePublished": "2026-06-16T11:52:42.737Z",
"dateReserved": "2026-06-15T15:08:14.300Z",
"dateUpdated": "2026-06-16T11:52:42.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12308 (GCVE-0-2026-12308)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mihalis Haatainen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:41.775Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038302"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12308",
"datePublished": "2026-06-16T11:52:41.775Z",
"dateReserved": "2026-06-15T15:08:13.863Z",
"dateUpdated": "2026-06-16T11:52:41.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12307 (GCVE-0-2026-12307)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Atsushi Sada"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:40.757Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038133"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12307",
"datePublished": "2026-06-16T11:52:40.757Z",
"dateReserved": "2026-06-15T15:08:13.454Z",
"dateUpdated": "2026-06-16T11:52:40.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12306 (GCVE-0-2026-12306)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mihalis Haatainen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:39.808Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2037323"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12306",
"datePublished": "2026-06-16T11:52:39.808Z",
"dateReserved": "2026-06-15T15:08:13.015Z",
"dateUpdated": "2026-06-16T11:52:39.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12305 (GCVE-0-2026-12305)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zijie Zhao"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:38.793Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2037290"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12305",
"datePublished": "2026-06-16T11:52:38.793Z",
"dateReserved": "2026-06-15T15:08:12.602Z",
"dateUpdated": "2026-06-16T11:52:38.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12304 (GCVE-0-2026-12304)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Same-origin policy bypass in the Networking: Cookies component
Summary
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yaqoub Aldurayhim"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"value": "Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:37.817Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2034944"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
}
],
"title": "Same-origin policy bypass in the Networking: Cookies component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12304",
"datePublished": "2026-06-16T11:52:37.817Z",
"dateReserved": "2026-06-15T15:08:12.234Z",
"dateUpdated": "2026-06-16T11:52:37.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12303 (GCVE-0-2026-12303)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 14:31
VLAI
Title
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component
Summary
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:31:06.824125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:31:25.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michal Andryskowski"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152."
}
],
"value": "Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:36.848Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2034608"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12303",
"datePublished": "2026-06-16T11:52:36.848Z",
"dateReserved": "2026-06-15T15:08:11.833Z",
"dateUpdated": "2026-06-16T14:31:25.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12302 (GCVE-0-2026-12302)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Mitigation bypass in the DOM: Security component
Summary
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
Severity
No CVSS data available.
Assigner
References
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.37",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.12",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lebr0nli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37."
}
],
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:35.893Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2034489"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
}
],
"title": "Mitigation bypass in the DOM: Security component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12302",
"datePublished": "2026-06-16T11:52:35.893Z",
"dateReserved": "2026-06-15T15:08:11.416Z",
"dateUpdated": "2026-06-16T11:52:35.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12301 (GCVE-0-2026-12301)
Vulnerability from nvd – Published: 2026-06-16 11:52 – Updated: 2026-06-16 11:52
VLAI
Title
Memory safety bug fixed in Firefox 152
Summary
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Severity
No CVSS data available.
Assigner
References
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "152",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Richard Belisle"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152."
}
],
"value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:52:34.878Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015647"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
}
],
"title": "Memory safety bug fixed in Firefox 152"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-12301",
"datePublished": "2026-06-16T11:52:34.878Z",
"dateReserved": "2026-06-15T15:08:11.001Z",
"dateUpdated": "2026-06-16T11:52:34.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}