CVE-2026-12295 - Vulnerability Details

- Sandbox escape in the DOM: Navigation component

Description

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Published: 2026-06-16

Score: 9.6 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is a sandbox escape that targets the navigation component of the browser’s DOM. It stems from weaknesses in input validation and information exposure as identified by CWE-693 and CWE-653. The escape permits code executed within web content to break out of the sandbox, exposing the host platform to potential compromise of confidentiality, integrity, or availability.

Affected Systems

Mozilla Firefox releases older than 152, older Firefox ESR releases before 140.12 and 115.37, and Mozilla Thunderbird releases older than 152 or ESR 140.12 are vulnerable to this sandbox escape flaw.

Risk and Exploitability

The EPSS score of < 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The CVSS score is 9.6, indicating an extremely high severity; based on this score, it is inferred that the flaw could permit the execution of malicious code contained in crafted web content. The attack path is inferred to be a maliciously constructed web page that interacts with the vulnerable navigation component.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mozilla

Firefox

affected

Version	Status	Constraints
`115.37`	unaffected	≤ 115.*
`140.12`	unaffected	≤ 140.*
`152`	unaffected	≤ *

Mozilla

Thunderbird

affected

Version	Status	Constraints
`140.12`	unaffected	≤ 140.*
`152`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Mozilla

Firefox

100%

Version	Status	Scheme	Platform
`[115.37,116.0.0)`	unaffected	generic	—
`[140.12,141.0.0)`	unaffected	generic	—
`[152,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Mozilla Firefox to version 152 or later, or to the corresponding ESR release of 140.12 or 115.37.
Update Mozilla Thunderbird to version 152 or the corresponding ESR release of 140.12.
If an update cannot be applied immediately, isolate the navigation component by restricting or disabling script execution from untrusted sources.

Generated by OpenCVE AI on June 18, 2026 at 22:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6350-1	firefox-esr security update
Debian DSA	DSA-6351-1	thunderbird security update

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00156.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=2040160
https://nvd.nist.gov/vuln/detail/CVE-2026-12295
https://www.cve.org/CVERecord?id=CVE-2026-12295
https://www.mozilla.org/security/advisories/mfsa2026-57/
https://www.mozilla.org/security/advisories/mfsa2026-58/
https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12295
https://www.mozilla.org/security/advisories/mfsa2026-59/
https://www.mozilla.org/security/advisories/mfsa2026-60/
https://www.mozilla.org/security/advisories/mfsa2026-61/
https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12295

History

Thu, 18 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-1501 CWE-285

Thu, 18 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-693
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-653
References		https://nvd.nist.gov/vuln/detail/CVE-2026-12295 https://www.cve.org/CVERecord?id=CVE-2026-12295 https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12295 https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12295
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1501 CWE-285

Tue, 16 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description	Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.	Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
References		https://www.mozilla.org/security/advisories/mfsa2026-60/ https://www.mozilla.org/security/advisories/mfsa2026-61/

Tue, 16 Jun 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox
Vendors & Products		Mozilla Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
Title		Sandbox escape in the DOM: Navigation component
References		https://bugzilla.mozilla.org/show_bug.cgi?id=2040160 https://www.mozilla.org/security/advisories/mfsa2026-57/ https://www.mozilla.org/security/advisories/mfsa2026-58/ https://www.mozilla.org/security/advisories/mfsa2026-59/

Subscriptions

Mozilla Firefox

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2026-06-16T11:52:28.892Z

Updated: 2026-06-18T16:11:07.626Z

Reserved: 2026-06-15T15:08:08.316Z

Link: CVE-2026-12295

Vulnrichment

Updated: 2026-06-18T14:22:33.003Z

NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:29.737

Modified: 2026-06-16T17:16:33.410

Link: CVE-2026-12295

Redhat

Severity : Important

Publid Date: 2026-06-16T11:52:28Z

Links: CVE-2026-12295 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-18T22:45:16Z

Weaknesses

CWE-653
Improper Isolation or Compartmentalization
CWE-693
Protection Mechanism Failure

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object