PatchSiren cyber security CVE debrief
CVE-2026-12327 Mozilla CVE debrief
Memory safety bugs were discovered in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151, and are tracked as CVE-2026-12327. Some of these bugs showed evidence of memory corruption, and it is presumed that with sufficient effort some of them could have been exploited to run arbitrary code. The vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
- Vendor: Mozilla
- Product: Firefox
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Users of Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151 should update to the latest versions to mitigate this vulnerability.
Technical summary
Memory safety bugs were present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Defensive priority
high
Recommended defensive actions
- Update Firefox to version 152 or later.
- Update Firefox ESR to version 140.12 or later.
- Update Thunderbird to version 152 or later.
- Update Thunderbird ESR to version 140.12 or later.
Evidence notes
The CVE record indicates that the vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Official resources
CVE-2026-12327 was published on 2026-06-16T13:16:33.473Z and has not been modified since then.