PatchSiren cyber security CVE debrief
CVE-2026-12296 Mozilla CVE debrief
CVE-2026-12296 is a sandbox escape vulnerability in the Security: Process Sandboxing component. The vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. The CVE was published and modified on June 16, 2026.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox and Firefox ESR should update to Firefox 152 and Firefox ESR 140.12 to mitigate this vulnerability.
Technical summary
A sandbox escape vulnerability exists in the Security: Process Sandboxing component. This vulnerability could potentially allow an attacker to escape the sandbox and execute arbitrary code.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 152 or Firefox ESR 140.12
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found in the Mozilla security advisories [ref-5] and [ref-6].
Official resources
CVE-2026-12296 was published and modified on June 16, 2026.