PatchSiren cyber security CVE debrief
CVE-2026-12320 Mozilla CVE debrief
CVE-2026-12320 is an information disclosure vulnerability in the Password Manager component of Firefox. The vulnerability was published and modified on June 16, 2026, at 13:16:32.710Z. The vendor is currently listed as Unknown Vendor, but evidence suggests the vulnerability may be related to Mozilla. The vulnerability was fixed in Firefox 152. For more information, see [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-12320) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-12320).
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox, particularly those using versions prior to Firefox 152, should be aware of this vulnerability and take steps to update their browsers.
Technical summary
This vulnerability allows for information disclosure in the Password Manager component of Firefox. It was fixed in Firefox 152.
Defensive priority
High
Recommended defensive actions
- Update Firefox to version 152 or later.
- Review [ref-4](https://bugzilla.mozilla.org/show_bug.cgi?id=2027572) and [ref-5](https://www.mozilla.org/security/advisories/mfsa2026-57/) for additional information.
Evidence notes
The vendor is currently listed as Unknown Vendor, but evidence suggests the vulnerability may be related to Mozilla.
Official resources
CVE-2026-12320 was published and modified on June 16, 2026, at 13:16:32.710Z.