PatchSiren cyber security CVE debrief
CVE-2026-12290 Mozilla CVE debrief
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The bug was reported to Mozilla via Bugzilla [ref-4]. Mozilla has released advisories for this vulnerability: [ref-5], [ref-6], and [ref-7].
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37 may be affected by this vulnerability.
Technical summary
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
Defensive priority
high
Recommended defensive actions
- Update to Firefox 152, Firefox ESR 140.12, or Firefox ESR 115.37
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide additional information about this vulnerability.
Official resources
public