CVE-2026-12302: Vulnerability in Mozilla Firefox
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
AI Analysis
Technical Summary
CVE-2026-12302 is a mitigation bypass vulnerability located in the DOM security component of Mozilla Firefox. It was reported by the security researcher lebr0nli and assigned moderate impact by Mozilla. The vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37 as part of a security update addressing multiple vulnerabilities. The vendor advisories indicate that this issue is one among several memory safety, sandbox escape, and mitigation bypass bugs resolved in these releases. No CVSS score is provided, but the vendor rates the impact as moderate. There are no known exploits in the wild for this vulnerability.
Potential Impact
The vulnerability allows bypassing security mitigations in the DOM security component, which could potentially weaken the browser's security defenses. However, the impact is rated moderate by Mozilla, indicating that while it poses a security risk, it is not considered critical or high severity. There are no reports of active exploitation in the wild. The fix eliminates the vulnerability in the specified Firefox versions.
Mitigation Recommendations
A fix for CVE-2026-12302 is available and has been incorporated into Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. Users and administrators should update affected Firefox installations to these versions or later to remediate this vulnerability. Since this is a client software vulnerability, patching is the primary and recommended mitigation. No additional vendor-recommended mitigations or workarounds are indicated.
CVE-2026-12302: Vulnerability in Mozilla Firefox
Description
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVSS v3.1
Score 6.5medium
Affected software
pkg:github/mozilla/firefox-esrRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-12302 is a mitigation bypass vulnerability located in the DOM security component of Mozilla Firefox. It was reported by the security researcher lebr0nli and assigned moderate impact by Mozilla. The vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37 as part of a security update addressing multiple vulnerabilities. The vendor advisories indicate that this issue is one among several memory safety, sandbox escape, and mitigation bypass bugs resolved in these releases. No CVSS score is provided, but the vendor rates the impact as moderate. There are no known exploits in the wild for this vulnerability.
Potential Impact
The vulnerability allows bypassing security mitigations in the DOM security component, which could potentially weaken the browser's security defenses. However, the impact is rated moderate by Mozilla, indicating that while it poses a security risk, it is not considered critical or high severity. There are no reports of active exploitation in the wild. The fix eliminates the vulnerability in the specified Firefox versions.
Mitigation Recommendations
A fix for CVE-2026-12302 is available and has been incorporated into Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. Users and administrators should update affected Firefox installations to these versions or later to remediate this vulnerability. Since this is a client software vulnerability, patching is the primary and recommended mitigation. No additional vendor-recommended mitigations or workarounds are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2026-06-15T15:08:11.416Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-59/","vendor":"Mozilla"}]
Threat ID: 6a314c7e0b89be6888b4cc85
Added to database: 6/16/2026, 1:15:42 PM
Last enriched: 6/16/2026, 1:46:15 PM
Last updated: 6/17/2026, 4:19:29 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.