Description
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: 2026-06-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mozilla released memory safety bugs in Firefox 151 and Thunderbird 151 that caused memory corruption. The bugs exhibit the potential to be exploited for arbitrary code execution. The weaknesses are categorized as CWE-119 and CWE-825, both of which can lead to arbitrary code execution when triggered.

Affected Systems

The affected products are Mozilla Firefox and Mozilla Thunderbird. Versions up to and including 151 are vulnerable; the vulnerability was fixed in Firefox 152 and Thunderbird 152.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity risk. The EPSS score is less than 1 %, suggesting that exploitation of this vulnerability is currently unlikely but not impossible. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly stated in the advisory, but based on the description it is inferred that the exploit would require the affected application to be executed, potentially with user interaction or via a malicious webpage or email attachment. No public proof‑of‑concept is disclosed, so the likelihood remains low, yet the high impact warrants prompt remediation.

Generated by OpenCVE AI on June 25, 2026 at 14:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that addresses the memory corruption flaws (CWE-119 and CWE-825).
  • Limit execution of untrusted add‑ons or plugins that could trigger buffer overflows (CWE-119) or uncontrolled input (CWE-825) in Firefox, and quarantine or disable processing of untrusted email attachments in Thunderbird until the patch is applied.
  • Continuously monitor application logs and system activity for anomalous memory access or crashes that could indicate an attempt to exploit buffer overflows (CWE-119) or integer overflows (CWE-825) in similar memory corruption vulnerabilities.

Generated by OpenCVE AI on June 25, 2026 at 14:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:45:00 +0000


Wed, 17 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152. Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
References

Tue, 16 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Tue, 16 Jun 2026 13:15:00 +0000


Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-30T03:17:49.507Z

Reserved: 2026-06-15T15:08:21.967Z

Link: CVE-2026-12326

cve-icon Vulnrichment

Updated: 2026-06-30T02:43:32.113Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T13:16:33.380

Modified: 2026-06-16T17:16:38.157

Link: CVE-2026-12326

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-16T11:52:59Z

Links: CVE-2026-12326 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T14:30:06Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-825

    Expired Pointer Dereference