Description
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE document states that a memory safety bug was fixed in Thunderbird 152 and Firefox 152. The flaw is classified as CWE‑119 and CWE‑825, indicating an out‑of‑bounds memory operation. Based on the nature of both CWEs, such flaws can potentially lead to arbitrary code execution if an attacker can exercise the vulnerable memory operation.

Affected Systems

Mozilla Firefox and Mozilla Thunderbird earlier than version 152 are affected. Users running any pre‑152 build should verify their installed version and upgrade to a patched release to eliminate the defect.

Risk and Exploitability

The CVSS score of 7.5 places the defect in the high severity range. The EPSS score of less than 1 % indicates a very low probability of exploitation at present, and the issue is not listed in the CISA KEV catalog. The attack vector is not explicitly defined in the CVE data; it is inferred that the bug could be triggered by application processing of crafted content, such as malformed input or data read from an external source. The overall risk balances a potentially high impact with a currently low exploitation likelihood.

Generated by OpenCVE AI on June 25, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox and Thunderbird to version 152 or later to receive the vendor‑supplied fix for the memory safety flaw.
  • If upgrading is not immediately possible, reduce exposure by limiting the application’s handling of untrusted data, such as disabling add‑ons, themes, or external plugins that can provide crafted inputs.
  • Apply system‑level hardening such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to mitigate the effect of any remaining memory corruption attempts.

Generated by OpenCVE AI on June 25, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:45:00 +0000


Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Title Memory safety bug fixed in Thunderbird 152 Memory safety bug fixed in Firefox 152

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152. Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Title Memory safety bug fixed in Firefox 152 Memory safety bug fixed in Thunderbird 152
References

Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 16 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Description Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Title Memory safety bug fixed in Firefox 152
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-18T18:00:54.144Z

Reserved: 2026-06-15T15:08:17.711Z

Link: CVE-2026-12317

cve-icon Vulnrichment

Updated: 2026-06-16T18:08:34.243Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:32.350

Modified: 2026-06-16T19:16:34.067

Link: CVE-2026-12317

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-16T11:52:50Z

Links: CVE-2026-12317 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T13:30:15Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-825

    Expired Pointer Dereference