PatchSiren cyber security CVE debrief
CVE-2026-12323 Mozilla CVE debrief
CVE-2026-12323 is a spoofing issue in the DOM: Core & HTML component. The vulnerability was fixed in Firefox 152. The CVE was published and modified on June 16, 2026, at 13:16:33 UTC. The vendor is currently listed as Unknown Vendor, but evidence suggests the vulnerability may be related to Mozilla. For more information, see [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-12323) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-12323).
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Firefox browser, particularly those using versions prior to Firefox 152, should be aware of this vulnerability and take steps to update their browser.
Technical summary
A spoofing issue was found in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
Defensive priority
Medium
Recommended defensive actions
- Update Firefox to version 152 or later.
Evidence notes
The vendor is currently listed as Unknown Vendor, but evidence suggests the vulnerability may be related to Mozilla.
Official resources
CVE-2026-12323 was published and modified on June 16, 2026, at 13:16:33 UTC.