PatchSiren cyber security CVE debrief
CVE-2026-12289 Mozilla CVE debrief
CVE-2026-12289 is a privilege escalation vulnerability in the Graphics: WebRender component of Firefox. This issue was addressed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox, especially those who handle sensitive data or require high security standards, should apply the updates to mitigate the risk of privilege escalation attacks.
Technical summary
The vulnerability allows for privilege escalation, potentially enabling an attacker to gain higher-level access within the application. The affected component is Graphics: WebRender in Firefox.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 152 or later
- Update to Firefox ESR 140.12 or later
- Update to Firefox ESR 115.37 or later
Evidence notes
The CVE was published and modified on June 16, 2026. References include Bugzilla issue 2023443 and Mozilla security advisories MFSA2026-57, MFSA2026-58, and MFSA2026-59.
Official resources
CVE-2026-12289 was published and modified on 2026-06-16T13:16:29.173Z.