Description
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Published: 2026-06-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE describes a memory safety flaw—categorized as CWE‑119—that existed in multiple Mozilla products, including Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. The defect was explicitly fixed in those versions. Although the advisory does not enumerate the precise exploitation consequences, memory-safety bugs generally stem from unsafe memory handling that can cause crashes, data corruption, or arbitrary code execution when triggered by malicious content.

Affected Systems

Mozilla Firefox (versions 152 and Firefox ESR 140.12) and Mozilla Thunderbird (versions 152 and 140.12) are impacted. Users running older releases of either browser or mail client have not received the patch and remain vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity impact. The EPSS score of less than 1 % suggests that, as of the latest data, the probability of exploitation in the wild is low. The vulnerability is not listed in the CISA KEV catalog, further indicating limited real-world exploitation. The absence of an explicit attack vector in the description leaves the exact method of exploitation unclear; however, memory‑corruption flaws are typically exploited through crafted data or content processed by the affected application, potentially requiring local or remote user interaction. Given the moderate CVSS and low EPSS, organizations may treat this as a low‑to‑moderate priority issue pending application of the available patches.

Generated by OpenCVE AI on June 18, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 152 or later, or apply the latest available update.
  • Upgrade Mozilla Thunderbird to version 152 or later, or apply the latest available update.
  • Apply Firefox ESR 140.12 or newer to ensure the patch is present.

Generated by OpenCVE AI on June 18, 2026 at 21:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4635-1 firefox-esr security update
Debian DLA Debian DLA DLA-4636-1 thunderbird security update
Debian DSA Debian DSA DSA-6350-1 firefox-esr security update
Debian DSA Debian DSA DSA-6351-1 thunderbird security update
History

Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Title Memory safety bug fixed in Thunderbird 152 Memory safety bug fixed in Firefox 152

Thu, 18 Jun 2026 16:45:00 +0000


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Title Memory safety bug fixed in Firefox 152 Memory safety bug fixed in Thunderbird 152
References

Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Title Memory safety bug fixed in Firefox 152
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-18T18:00:50.668Z

Reserved: 2026-06-15T15:08:13.863Z

Link: CVE-2026-12308

cve-icon Vulnrichment

Updated: 2026-06-16T17:38:58.302Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:31.053

Modified: 2026-06-16T19:16:33.350

Link: CVE-2026-12308

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-16T11:52:41Z

Links: CVE-2026-12308 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T22:00:12Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer