These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A vulnerability was discovered in Firefox for iOS, which preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument. This allowed a malicious site to inject arbitrary cookies into requests to an unrelated target domain. The vulnerability was fixed in Firefox for iOS 152.0.
CVE-2026-53899 is a vulnerability in Firefox for iOS that allows a malicious site on a suffix domain to receive cookies belonging to the target site due to partial domain matching when attaching cookies to PDF requests. This issue was fixed in Firefox for iOS 152.0. The vulnerability was published on [cvePublishedAt] and has not been associated with a CVSS score or severity level.
CVE-2026-12330 is a vulnerability in the Internationalization component due to incorrect boundary conditions. This issue was addressed in Firefox ESR 140.12 and Firefox ESR 115.37.
A memory safety bug was fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12. The bug was reported via [ref-4](resourceLinkAnnotations.ref-4) and [ref-5](resourceLinkAnnotations.ref-5).
Memory safety bugs were present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, and it is presumed that with enough effort, some of these could have been exploited to run arbitrary code. The vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
A memory safety issue was discovered in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. The issue, tracked as CVE-2026-12327, was found to have evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could have been exploited to run arbitrary code. The vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
A series of memory safety bugs were discovered in Firefox 151 and Thunderbird 151. Some of these bugs demonstrated evidence of memory corruption. While the exact impact of these vulnerabilities is unclear, it is presumed that, with sufficient effort, an attacker could potentially exploit them to execute arbitrary code.
CVE-2026-12325 is a denial-of-service vulnerability in the Graphics: ImageLib component. This issue was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-12325) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-12325).
CVE-2026-12324 is a vulnerability in the Graphics: CanvasWebGL component. The issue involves incorrect boundary conditions. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. For more information, refer to the [CVE-2026-12324 CVE record](resourceLinkAnnotations.cve-org) and [CVE-2026-12324 NVD detail](resourceLinkAnnotations.nvd).
CVE-2026-12323 is a spoofing issue in the DOM: Core & HTML component. The vulnerability was fixed in Firefox 152. The CVE was published and modified on June 16, 2026, at 13:16:33 UTC. The vendor is currently listed as Unknown Vendor, but evidence suggests the vulnerability may be related to Mozilla. For more information, see [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-12323) and [nvd](https://nvd. [truncated]
A clickjacking issue was found in the Widget: Gtk component. This vulnerability was fixed in Firefox 152. The issue was reported to Mozilla via Bugzilla and addressed in the Mozilla Firefox Security Advisory (MFSA) 2026-57.
A JIT (Just-In-Time) miscompilation vulnerability was discovered in the JavaScript: WebAssembly component. This vulnerability was addressed and fixed in Firefox 152. Users are advised to update to the latest version to mitigate potential risks.
CVE-2026-12320 is an information disclosure vulnerability in the Password Manager component of Firefox. The vulnerability was published and modified on June 16, 2026, at 13:16:32.710Z. The vendor is currently listed as Unknown Vendor, but evidence suggests the vulnerability may be related to Mozilla. The vulnerability was fixed in Firefox 152. For more information, see [cve-org](https://www.cve.org/CVERec [truncated]
CVE-2026-12319 is a denial-of-service vulnerability in the Audio/Video: Playback component. The vulnerability was fixed in Firefox 152. The CVE was published and modified on 2026-06-16T13:16:32.563Z. The vendor is currently listed as Unknown Vendor, but evidence suggests the vulnerability may be related to Mozilla. For more information, see [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-12319) and [n [truncated]
CVE-2026-12318 is a vulnerability in the Libraries component in NSS. The issue is related to incorrect boundary conditions. This vulnerability was fixed in Firefox 152.
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152. The bug was reported to Mozilla via Bugzilla [ref-4]. For more information, refer to Mozilla's security advisory [ref-5].
A mitigation bypass vulnerability was discovered in the DOM: Security component. This issue was resolved in Firefox 152. Users are advised to update to the latest version to ensure their browser is secure.
CVE-2026-12315 is a mitigation bypass vulnerability in the DOM: Security component. The vulnerability was published on [cvePublishedAt] and has not been modified since. The vendor for this vulnerability is likely Mozilla, based on evidence from the source item. The vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12. This vulnerability was published on June 16, 2026.
CVE-2026-12313 is an information disclosure and sandbox escape vulnerability in the Security: Process Sandboxing component. This issue was addressed in Firefox 152 and Firefox ESR 140.12.
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12, which is identified as CVE-2026-12312. The bug was published on June 16, 2026.
CVE-2026-12311 is an information disclosure and sandbox escape vulnerability in the Security: Process Sandboxing component. This issue was addressed in Firefox 152 and Firefox ESR 140.12.
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12. This vulnerability was published on [CVE.org](resourceLinkAnnotations:cve-org).
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. The bug was reported to Mozilla via Bugzilla and addressed in security advisories.
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12. This vulnerability was published on [cvePublishedAt].
CVE-2026-12307 is a memory safety bug that was fixed in Firefox 152 and Firefox ESR 140.12. The bug was reported and fixed, with no evidence of exploitation or ransomware campaign use.
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12. This vulnerability was published on [CVE.org](resourceLinkAnnotations:cve-org) and additional details can be found on [NVD](resourceLinkAnnotations:nvd).
A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12. This vulnerability was addressed in the latest releases of Firefox and Firefox ESR.
A same-origin policy bypass vulnerability was discovered in the Networking: Cookies component of Firefox. This vulnerability, tracked as CVE-2026-12304, was fixed in Firefox 152 and Firefox ESR 140.12. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-12304) and last modified on [cveModifiedAt](https://www.cve.org/CVERecord?id=CVE-2026-12304).
CVE-2026-12303 is an information disclosure vulnerability due to incorrect boundary conditions in the Graphics: WebGPU component. The issue was fixed in Firefox 152. According to [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-12303), this CVE was published and modified on 2026-06-16T13:16:30.557Z. For more information, refer to the [CVE record](https://www.cve.org/CVERecord?id=CVE-2026-12303) and [Mozill [truncated]
A mitigation bypass vulnerability was discovered in the DOM: Security component. This issue was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The vulnerability was publicly disclosed on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-12302).
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152. The bug was reported to Mozilla via Bugzilla and addressed in the Mozilla Security Advisories.
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152. The bug was reported to Mozilla via Bugzilla [ref-4]. For more information, refer to Mozilla's security advisory [ref-5].
CVE-2026-12299 is a vulnerability in the Firefox browser, specifically affecting the JIT (Just-In-Time) compilation process in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
CVE-2026-12298 is a memory safety bug that was fixed in Firefox 152 and Firefox ESR 140.12. The bug was reported and fixed, with no evidence of public exploits or additional details available.
A sandbox escape vulnerability was discovered in the Networking component of Firefox, caused by incorrect boundary conditions. This issue was addressed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
CVE-2026-12296 is a sandbox escape vulnerability in the Security: Process Sandboxing component. The vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. The CVE was published and modified on June 16, 2026.
CVE-2026-12295 is a vulnerability in the DOM: Navigation component that allows for sandbox escape. This issue was addressed by Mozilla in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
CVE-2026-12294 is a vulnerability in the DOM: Workers component that allows for sandbox escape. The vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-12294) and last modified on [cveModifiedAt](https://www.cve.org/CVERecord?id=CVE-2026-12294).
CVE-2026-12293 is a use-after-free vulnerability in the Graphics: WebGPU component of Firefox. This issue was fixed in Firefox 152. The vulnerability was published on [cvePublishedAt] and has not been associated with a CVSS score or severity level.
CVE-2026-12292 is a vulnerability caused by incorrect boundary conditions in the Web Audio component. It was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-12292) and modified on [cveModifiedAt]. The vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. For more information, refer to [ref-5](https://www.mozilla.org/security/advisories/mfsa2026-57/) and [ref-6](https://www [truncated]
A memory safety bug was fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. The bug was reported to Mozilla via Bugzilla [ref-4]. Mozilla has released advisories for this vulnerability: [ref-5], [ref-6], and [ref-7].
CVE-2026-12289 is a privilege escalation vulnerability in the Graphics: WebRender component of Firefox. This issue was addressed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
CVE-2026-11799 is a UXSS (User Experience Security issue, potentially leading to Spoofing) vulnerability affecting Focus for iOS and Klar for iOS. The issue is related to Webkit navigation. The vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1. The CVSS score for this vulnerability is 7.5, indicating a HIGH severity level. The vulnerability was published on [cve-org](https://www.cv [truncated]
A medium-severity cross-site scripting vulnerability in Firefox for iOS Reader View allowed malicious pages to inject unescaped HTML via JSON-LD metadata. The injected markup could alter Reader View behavior and exfiltrate sensitive URL parameters, which could then be leveraged to access internal pages and achieve arbitrary JavaScript execution in an internal origin. Mozilla fixed this issue in Firefox for iOS 151.2.
A cross-site scripting (XSS) vulnerability in Firefox for iOS Reader View allowed malicious pages to inject arbitrary JavaScript through template placeholder substitution. The root cause was an ordering issue in the Reader View HTML template processing: page content was substituted before internal placeholders were replaced, enabling attacker-controlled placeholder strings to be later populated with JSON- [truncated]
CVE-2026-9078 is a visual spoofing vulnerability in Firefox for iOS affecting link preview UI surfaces. The issue involves incorrect display of specially crafted right-to-left (RTL) and internationalized domain names (IDNs), where a malicious RTL hostname could visually reorder portions of the displayed domain to make attacker-controlled sites appear as trusted origins. This represents a user interface de [truncated]
CVE-2026-8974 is a high-severity Mozilla memory safety issue tied to Firefox and Thunderbird. The vendor and NVD describe evidence of memory corruption, with the possibility that exploitation could have led to arbitrary code execution. Mozilla released fixes in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. Because the CVSS vector includes user interaction, the main risk is on s [truncated]
CVE-2026-8973 is a high-severity Mozilla memory safety issue affecting Thunderbird and Firefox releases before 151. NVD says the bug class involved memory corruption and maps it to CWE-119. Because the issue is network-reachable and requires user interaction, it is a meaningful exposure for environments running affected Mozilla clients until they are updated to 151 or later.
CVE-2026-8972 is a Mozilla privilege-escalation vulnerability in the WebRTC: Audio/Video component. NVD rates it 8.8 High with a network attack vector, low attack complexity, no attacker privileges, and user interaction required. Mozilla’s advisory references indicate the issue was fixed in Firefox 151 and Thunderbird 151, and NVD lists affected versions as those before 151.0.0.