CVE-2026-12327
Received Received - Intake
Memory Corruption in Firefox and Thunderbird

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Mozilla Corporation

Description
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-12327
EUVD
EUVD-2026-37073
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
mozilla firefox 140.11
mozilla thunderbird 140.11
mozilla firefox 151
mozilla thunderbird 151
mozilla firefox 152
mozilla firefox_esr 140.12
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves memory safety bugs found in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed signs of memory corruption, which means that with enough effort, an attacker could potentially exploit them to run arbitrary code on the affected systems.

The issue was addressed and fixed in Firefox 152 and Firefox ESR 140.12.

Impact Analysis

If exploited, this vulnerability could allow an attacker to execute arbitrary code on your system through the affected versions of Firefox or Thunderbird. This could lead to unauthorized actions, data compromise, or control over your device.

Mitigation Strategies

To mitigate this vulnerability, update Firefox and Thunderbird to the fixed versions: Firefox 152 and Firefox ESR 140.12.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12327. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart