CVE-2026-12328: Vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
AI Analysis
Technical Summary
CVE-2026-12328 encompasses a set of memory safety bugs affecting specific versions of Mozilla Firefox and Thunderbird. These bugs include memory corruption issues that, with sufficient effort, could allow arbitrary code execution. The affected versions are Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Mozilla released fixes for these vulnerabilities in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The vendor advisories detail multiple related memory safety bugs with high impact, all addressed in these fixed versions.
Potential Impact
The vulnerabilities involve memory safety bugs that have shown evidence of memory corruption, which could be exploited to run arbitrary code. This represents a high security risk as arbitrary code execution can lead to full compromise of the affected applications. No known exploits in the wild have been reported at the time of disclosure.
Mitigation Recommendations
Mozilla has released official fixes for these vulnerabilities in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. Users and administrators should update to these fixed versions to remediate the vulnerabilities. No additional mitigation steps are required beyond applying the official patches.
CVE-2026-12328: Vulnerability in Mozilla Firefox
Description
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
CVSS v3.1
Score 8.1high
Affected software
pkg:github/mozilla/firefoxpkg:github/mozilla/thunderbirdRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-12328 encompasses a set of memory safety bugs affecting specific versions of Mozilla Firefox and Thunderbird. These bugs include memory corruption issues that, with sufficient effort, could allow arbitrary code execution. The affected versions are Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Mozilla released fixes for these vulnerabilities in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The vendor advisories detail multiple related memory safety bugs with high impact, all addressed in these fixed versions.
Potential Impact
The vulnerabilities involve memory safety bugs that have shown evidence of memory corruption, which could be exploited to run arbitrary code. This represents a high security risk as arbitrary code execution can lead to full compromise of the affected applications. No known exploits in the wild have been reported at the time of disclosure.
Mitigation Recommendations
Mozilla has released official fixes for these vulnerabilities in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. Users and administrators should update to these fixed versions to remediate the vulnerabilities. No additional mitigation steps are required beyond applying the official patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2026-06-15T15:08:22.260Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-59/","vendor":"Mozilla"}]
Threat ID: 6a314c830b89be6888b4cdec
Added to database: 6/16/2026, 1:15:47 PM
Last enriched: 6/16/2026, 1:31:28 PM
Last updated: 6/16/2026, 6:35:35 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.