CVE-2026-12289
Received Received - Intake
Privilege Escalation in Firefox WebRender

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Mozilla Corporation

Description
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-12289
EUVD
EUVD-2026-37080
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
mozilla firefox 152
mozilla firefox esr
mozilla firefox to 115.37 (exc)
mozilla firefox to 140.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-12289 is a high-impact privilege escalation vulnerability found in the Graphics: WebRender component of Mozilla Firefox.

This vulnerability allows an attacker to gain elevated privileges within the Firefox application, which could enable further exploitation or unauthorized actions.

It affects Firefox ESR 115.36 and earlier, Firefox ESR 140.11 and earlier, and Firefox versions before 152, and has been fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

Impact Analysis

This vulnerability can allow an attacker to escalate their privileges within the Firefox application.

With elevated privileges, an attacker could potentially perform unauthorized actions, gain further system access, or compromise the system beyond the browser.

Mitigation Strategies

To mitigate the CVE-2026-12289 vulnerability, you should update your Firefox browser to a fixed version.

  • Update to Firefox 152 or later if you are using the standard release.
  • If using Firefox ESR, update to ESR 115.37 or later.
  • Alternatively, update to Firefox ESR 140.12 or later if you are on the ESR 140 branch.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12289. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart