PatchSiren cyber security CVE debrief
CVE-2026-12307 Mozilla CVE debrief
CVE-2026-12307 is a memory safety bug that was fixed in Firefox 152 and Firefox ESR 140.12. The bug was reported and fixed, with no evidence of exploitation or ransomware campaign use.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox 152 and Firefox ESR 140.12 should ensure they have updated to the latest versions to mitigate this vulnerability.
Technical summary
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Defensive priority
medium
Recommended defensive actions
- Update to Firefox 152 or Firefox ESR 140.12 to mitigate this vulnerability.
Evidence notes
The CVE was published and modified on 2026-06-16T13:16:30.933Z. The vendor is likely Mozilla, based on the evidence.
Official resources
CVE-2026-12307 was published and modified on 2026-06-16T13:16:30.933Z.