Description
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: 2026-06-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The updated CVE description confirms a memory safety vulnerability involving improper handling of buffer bounds checks. Prior to version 152, Firefox and Thunderbird could allow an attacker to read or write outside intended memory areas, which may lead to application crashes, denial of service, or possibly the execution of arbitrary code, thereby compromising data integrity. This issue is consistent with the CWE‑119 classification of buffer overflows or underflows, and also aligns with CWE‑131, which denotes incorrect computation of buffer sizes due to improper buffer size handling.

Affected Systems

Mozilla Firefox and Mozilla Thunderbird are affected. Versions prior to 152 contain the flaw. The issue was fixed in Firefox 152 and Thunderbird 152, so any installation running an earlier release is potentially impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in CISA KEV. The likely attack vector is local; an attacker would need to run code within the user's context to trigger the memory error. No public exploit has been reported, but the moderate CVSS combined with low EPSS still warrants patching to prevent potential crashes or malicious execution.

Generated by OpenCVE AI on June 23, 2026 at 13:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 152 or later
  • Upgrade Mozilla Thunderbird to version 152 or later
  • Restart the application after applying the updates

Generated by OpenCVE AI on June 23, 2026 at 13:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 12:15:00 +0000


Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Title Memory safety bug fixed in Thunderbird 152 Memory safety bug fixed in Firefox 152

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152. Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Title Memory safety bug fixed in Firefox 152 Memory safety bug fixed in Thunderbird 152
References

Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Title Memory safety bug fixed in Firefox 152
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-18T18:00:47.853Z

Reserved: 2026-06-15T15:08:11.001Z

Link: CVE-2026-12301

cve-icon Vulnrichment

Updated: 2026-06-16T17:27:40.387Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:30.363

Modified: 2026-06-16T19:16:31.123

Link: CVE-2026-12301

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-16T11:52:34Z

Links: CVE-2026-12301 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T13:30:03Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-131

    Incorrect Calculation of Buffer Size