PatchSiren cyber security CVE debrief
CVE-2026-12306 Mozilla CVE debrief
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12. This vulnerability was published on [CVE.org](resourceLinkAnnotations:cve-org) and additional details can be found on [NVD](resourceLinkAnnotations:nvd).
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox 152 and Firefox ESR 140.12 should ensure they have updated to the latest versions to mitigate this vulnerability.
Technical summary
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 152 or Firefox ESR 140.12
Evidence notes
The CVE was published on 2026-06-16T13:16:30.833Z and has been associated with Mozilla.
Official resources
Mozilla has addressed a memory safety bug in Firefox 152 and Firefox ESR 140.12.