PatchSiren cyber security CVE debrief
CVE-2026-12324 Mozilla CVE debrief
CVE-2026-12324 is a vulnerability in the Graphics: CanvasWebGL component. The issue involves incorrect boundary conditions. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. For more information, refer to the [CVE-2026-12324 CVE record](resourceLinkAnnotations.cve-org) and [CVE-2026-12324 NVD detail](resourceLinkAnnotations.nvd).
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox and Firefox ESR should update to Firefox 152 and Firefox ESR 140.12 to mitigate this vulnerability.
Technical summary
The vulnerability is caused by incorrect boundary conditions in the Graphics: CanvasWebGL component. This issue was addressed in Firefox 152 and Firefox ESR 140.12.
Defensive priority
high
Recommended defensive actions
- Update to Firefox 152 or Firefox ESR 140.12
Evidence notes
The vendor is identified as Mozilla based on evidence from the source item.
Official resources
CVE-2026-12324 was published on 2026-06-16T13:16:33.153Z and has not been modified since then.