CVE-2026-12290
Modified
Modified - Updated After Analysis
Memory Corruption Bug in Firefox
Vulnerability report for CVE-2026-12290, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-16
Last updated on: 2026-06-30
Assigner: Mozilla Corporation
Description
Description
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | 152 |
| mozilla | firefox_esr | 140.12 |
| mozilla | firefox_esr | 115.37 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-823 | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |