PatchSiren cyber security CVE debrief
CVE-2026-12298 Mozilla CVE debrief
CVE-2026-12298 is a memory safety bug that was fixed in Firefox 152 and Firefox ESR 140.12. The bug was reported and fixed, with no evidence of public exploits or additional details available.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox and Firefox ESR should update to version 152 and 140.12 respectively to mitigate this vulnerability.
Technical summary
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Defensive priority
medium
Recommended defensive actions
- Update Firefox to version 152 or later
- Update Firefox ESR to version 140.12 or later
Evidence notes
The CVE was published and modified on June 16, 2026. The vendor is listed as Unknown Vendor, but evidence suggests the vulnerability is related to Mozilla.
Official resources
CVE-2026-12298 was published and modified on June 16, 2026.