Description
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: 2026-06-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows an attacker to read data that should not be exposed by exploiting incorrect boundary checks in the Graphics: WebGPU component. The flaw is an out‑of‑bounds read (CWE‑125), which can expose sensitive information stored in memory buffers, potentially revealing private data such as credentials or local content. Because the flaw is an information disclosure that does not provide direct code execution or privilege escalation, the primary risk is the inadvertent leakage of user data to the attacker.

Affected Systems

The affected products are Mozilla Firefox and Mozilla Thunderbird. The issue was addressed in Firefox 152 and Thunderbird 152, meaning any versions prior to 152 are vulnerable.

Risk and Exploitability

The CVSS score of 4.3 indicates a low‑to‑moderate severity. The EPSS score of less than 1% suggests that exploitation is unlikely at the moment, and the vulnerability is not listed in CISA’s KEV catalog. The most plausible attack vector is via a malicious site or user manipulating WebGPU APIs to trigger the boundary error, but detailed exploitation conditions are not specified in the advisory. Given the limited exploitability and information‑only impact, the risk to a well‑patched environment is low, though the threat of data leakage remains if the software is outdated.

Generated by OpenCVE AI on June 17, 2026 at 22:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 152 or later.
  • Upgrade Thunderbird to version 152 or later.
  • If an upgrade cannot be performed immediately, consider disabling the WebGPU functionality or restricting its use until the patch is applied.

Generated by OpenCVE AI on June 17, 2026 at 22:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:45:00 +0000


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Vendors & Products Mozilla thunderbird

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152. Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
References

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Description Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.
Title Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-16T16:08:31.424Z

Reserved: 2026-06-15T15:08:11.833Z

Link: CVE-2026-12303

cve-icon Vulnrichment

Updated: 2026-06-16T14:31:23.541Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-16T13:16:30.557

Modified: 2026-06-16T20:43:30.297

Link: CVE-2026-12303

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-16T11:52:36Z

Links: CVE-2026-12303 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T22:45:13Z

Weaknesses