PatchSiren cyber security CVE debrief
CVE-2026-12328 Mozilla CVE debrief
Memory safety bugs were present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, and it is presumed that with enough effort, some of these could have been exploited to run arbitrary code. The vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
- Vendor: Mozilla
- Product: Firefox
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Users of Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151 should update to the latest versions to mitigate the risk of potential code execution.
Technical summary
The vulnerability involves multiple memory safety bugs. While the exact details are not provided, it is known that some of these bugs could lead to memory corruption.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 152, Firefox ESR 140.12, or Firefox ESR 115.37 to address the vulnerability.
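To find hosts that still need the update, the following added example (not part of the original debrief or any Mozilla tooling) classifies `firefox --version` output against the fixed versions listed above. It assumes the output format `Mozilla Firefox <version>[esr]` and that any build below the fixed version on its branch is affected; the host names and inventory are constructed sample data.

```python
import re

# Fixed versions as stated in this debrief, as (major, minor) tuples.
FIXED_ESR = {115: (115, 37), 140: (140, 12)}
FIXED_RELEASE = (152, 0)

# Assumed output format of `firefox --version`, e.g. "Mozilla Firefox 140.11.0esr".
_VERSION_RE = re.compile(r"^Mozilla Firefox (\d+)\.(\d+)(?:\.\d+)?(esr)?$")


def assess(version_line):
    """Classify one version line as 'patched', 'needs-update' or 'unknown'."""
    m = _VERSION_RE.match(version_line.strip())
    if not m:
        # Thunderbird, betas, forks, unparseable text: the debrief lists
        # no fixed version to compare against, so do not guess.
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(3):
        fixed = FIXED_ESR.get(major)
        if fixed is None:
            return "unknown"  # ESR branch not named in the debrief
    else:
        fixed = FIXED_RELEASE
    # Assumption: every build below the fixed version on its branch is affected.
    return "needs-update" if (major, minor) < fixed else "patched"


def triage(inventory):
    """Map host -> status and return the sorted hosts that are not confirmed patched."""
    status = {host: assess(line) for host, line in inventory.items()}
    follow_up = sorted(h for h, s in status.items() if s != "patched")
    return status, follow_up


# Constructed sample inventory (host -> captured `firefox --version` output).
SAMPLE_INVENTORY = {
    "ws-001": "Mozilla Firefox 151.0.1",
    "ws-002": "Mozilla Firefox 152.0",
    "kiosk-07": "Mozilla Firefox 115.36.0esr",
    "kiosk-08": "Mozilla Firefox 115.37.0esr",
    "lab-03": "Mozilla Firefox 140.11.0esr",
    "mail-01": "Mozilla Thunderbird 140.11.0esr",
}

if __name__ == "__main__":
    status, follow_up = triage(SAMPLE_INVENTORY)
    for host in sorted(status):
        print(f"{host}: {status[host]}")
    print("follow up:", ", ".join(follow_up))
```

Hosts reported as `unknown` (here the Thunderbird install) need a manual check, because the debrief names Thunderbird as affected but lists no fixed Thunderbird version.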
Evidence notes
The CVE record and references from Mozilla provide evidence of the vulnerability and its fixes.
Official resources
CVE-2026-12328 was published on 2026-06-16T13:16:33.567Z and has not been modified.