PatchSiren cyber security CVE debrief
CVE-2026-12321 Mozilla CVE debrief
A JIT (Just-In-Time) miscompilation vulnerability was discovered in the JavaScript: WebAssembly component. This vulnerability was addressed and fixed in Firefox 152. Users are advised to update to the latest version to mitigate potential risks.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox, particularly those who use the browser for WebAssembly-related tasks or visit untrusted websites, should be aware of this vulnerability and take action to update their browser.
Technical summary
The vulnerability is caused by a JIT miscompilation in the JavaScript: WebAssembly component. This could potentially allow attackers to execute arbitrary code or cause a denial of service.
Defensive priority
High
Recommended defensive actions
- Update Firefox to version 152 or later.
Evidence notes
The CVE record and NVD detail pages provide official information about this vulnerability. Additional details can be found in the Mozilla security advisories.
Official resources
CVE-2026-12321 was published on 2026-06-16T13:16:32.823Z and has not been modified since then.