PatchSiren cyber security CVE debrief
CVE-2026-12309 Mozilla CVE debrief
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. The bug was reported to Mozilla via Bugzilla and addressed in security advisories.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox 151 or earlier and Firefox ESR 140.11 or earlier should update to Firefox 152 or Firefox ESR 140.12 to address this vulnerability.
Technical summary
A memory safety bug was fixed in Firefox 152. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 152 or Firefox ESR 140.12
Evidence notes
The CVE record and NVD detail pages provide information on this vulnerability.
Official resources
public