PatchSiren cyber security CVE debrief
CVE-2026-12299 Mozilla CVE debrief
CVE-2026-12299 is a vulnerability in the Firefox browser, specifically affecting the JIT (Just-In-Time) compilation process in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox, especially those who use the browser for sensitive activities or in high-risk environments, should be aware of this vulnerability and ensure they are running a patched version of the browser.
Technical summary
The vulnerability is related to a JIT miscompilation issue in the DOM: Core & HTML component of Firefox. This type of issue can potentially allow for arbitrary code execution or other malicious activities.
Defensive priority
High
Recommended defensive actions
- Update Firefox to version 152 or later
- Update Firefox ESR to version 140.12 or later
- Update Firefox ESR to version 115.37 or later
Evidence notes
The CVE record and associated references provide evidence of the vulnerability and its fixes.
Official resources
CVE-2026-12299 was published on 2026-06-16T13:16:30.147Z and has not been modified since then.