PatchSiren cyber security CVE debrief
CVE-2026-12312 Mozilla CVE debrief
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12, which is identified as CVE-2026-12312. The bug was published on June 16, 2026.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox 152 and Firefox ESR 140.12 should apply the updates to fix the memory safety bug.
Technical summary
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 152 or Firefox ESR 140.12
Evidence notes
The CVE was published on June 16, 2026, and the bug was fixed in Firefox 152 and Firefox ESR 140.12.
Official resources
CVE-2026-12312 was published on June 16, 2026.