PatchSiren cyber security CVE debrief
CVE-2026-12325 Mozilla CVE debrief
CVE-2026-12325 is a denial-of-service vulnerability in the Graphics: ImageLib component. This issue was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-12325) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-12325).
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Firefox, Firefox ESR, and related products should apply the patches to prevent denial-of-service attacks.
Technical summary
The vulnerability is a denial-of-service issue in the Graphics: ImageLib component.
Defensive priority
high
Recommended defensive actions
- Apply patches: Update to Firefox 152, Firefox ESR 140.12, or Firefox ESR 115.37.
Evidence notes
The CVE was published and last modified on the same date: 2026-06-16T13:16:33.267Z.
Official resources
Mozilla has addressed this vulnerability in their latest releases.