PatchSiren cyber security CVE debrief
CVE-2026-12297 Mozilla CVE debrief
A sandbox escape vulnerability was discovered in the Networking component of Firefox, caused by incorrect boundary conditions. This issue was addressed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox, Firefox ESR 140.12, and Firefox ESR 115.37 may be affected by this vulnerability.
Technical summary
The vulnerability, identified as CVE-2026-12297, allows for a sandbox escape due to incorrect boundary conditions in the Networking component.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 152, Firefox ESR 140.12, or Firefox ESR 115.37 to address the vulnerability.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide official information about the vulnerability.
Official resources
CVE-2026-12297 was published on 2026-06-16T13:16:29.927Z and has not been modified.