Description
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: 2026-06-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a memory safety bug that could lead to a program crash. The weakness is classified as CWE-119, which involves buffer incorrectly bounded operations. The CVSS score of 5.3 reflects a moderate severity, indicating that while the bug is notable, it is not assessed as a high‑impact remote exploitation vector in the current data.

Affected Systems

All installations of Mozilla Firefox and Mozilla Thunderbird earlier than version 152 are vulnerable. The issue was addressed in Firefox 152 and Thunderbird 152, so users running those or newer releases are not affected. No other vendors or versions are reported as impacted.

Risk and Exploitability

The EPSS score is below 1%, showing a very low likelihood of exploitation at the time of the assessment, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly documented; based on the description it is inferred that an attacker could trigger the issue by providing crafted input to the application, though the precise path is not detailed in the available references. The CVSS base score indicates that an exploit would result in system instability rather than full code execution.

Generated by OpenCVE AI on June 25, 2026 at 13:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Thunderbird to version 152 or later
  • Upgrade Mozilla Firefox to version 152 or later
  • Enable automatic updates for Mozilla products

Generated by OpenCVE AI on June 25, 2026 at 13:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:45:00 +0000


Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Title Memory safety bug fixed in Thunderbird 152 Memory safety bug fixed in Firefox 152

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152. Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Title Memory safety bug fixed in Firefox 152 Memory safety bug fixed in Thunderbird 152
References

Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Title Memory safety bug fixed in Firefox 152
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-18T18:00:47.294Z

Reserved: 2026-06-15T15:08:10.596Z

Link: CVE-2026-12300

cve-icon Vulnrichment

Updated: 2026-06-16T17:25:58.145Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:30.267

Modified: 2026-06-16T19:16:30.950

Link: CVE-2026-12300

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-16T11:52:33Z

Links: CVE-2026-12300 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T14:00:05Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-787

    Out-of-bounds Write