PatchSiren cyber security CVE debrief
CVE-2026-12295 Mozilla CVE debrief
CVE-2026-12295 is a vulnerability in the DOM: Navigation component that allows for sandbox escape. This issue was addressed by Mozilla in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox, Firefox ESR, and other Mozilla products are potentially impacted by this vulnerability.
Technical summary
The vulnerability is a sandbox escape issue in the DOM: Navigation component. The CVSS score and severity are not provided in the given data.
Defensive priority
High
Recommended defensive actions
- Update Firefox to version 152 or later
- Update Firefox ESR to version 140.12 or later
- Update Firefox ESR to version 115.37 or later
Evidence notes
The vendor is identified as Mozilla based on evidence from the source item.
Official resources
CVE-2026-12295 was published on 2026-06-16T13:16:29.737Z and has not been modified since then.