PatchSiren cyber security CVE debrief
CVE-2026-12303 Mozilla CVE debrief
CVE-2026-12303 is an information disclosure vulnerability due to incorrect boundary conditions in the Graphics: WebGPU component. The issue was fixed in Firefox 152. According to [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-12303), this CVE was published and modified on 2026-06-16T13:16:30.557Z. For more information, refer to the [CVE record](https://www.cve.org/CVERecord?id=CVE-2026-12303) and [Mozilla security advisories](https://www.mozilla.org/security/advisories/mfsa2026-57/).
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox browser, particularly those using versions prior to Firefox 152, should be aware of this vulnerability and update their browsers to mitigate potential information disclosure risks.
Technical summary
The vulnerability is caused by incorrect boundary conditions in the Graphics: WebGPU component of Firefox. This could lead to information disclosure. The issue has been addressed in Firefox 152.
Defensive priority
Medium
Recommended defensive actions
- Update Firefox to version 152 or later.
- Refer to [Mozilla security advisories](https://www.mozilla.org/security/advisories/mfsa2026-57/) for more information.
Evidence notes
The CVE was published and modified on 2026-06-16T13:16:30.557Z. The vendor is identified as Unknown Vendor with low confidence, and evidence suggests Mozilla might be the affected vendor.
Official resources
CVE-2026-12303 was disclosed on 2026-06-16T13:16:30.557Z.