CVE-2026-12289

Vulnerability

CVE-2026-12289 is a privilege escalation vulnerability in the Graphics: WebRender component of Firefox. The vulnerability was reported by choeseyeong and affects Firefox versions prior to 152, Firefox ESR versions prior to 140.12, and Firefox ESR versions prior to 115.37 [1][2][3]. The exact technical details of the flaw have not been publicly disclosed.

Exploitation

The available references do not specify the precise conditions required for exploitation. As a privilege escalation vulnerability, it likely requires an attacker to already have some level of access to the system, such as the ability to execute code or interact with the WebRender component. No further exploitation details are provided in the advisories [1][2][3].

Impact

Successful exploitation allows an attacker to escalate privileges, potentially gaining higher-level access than intended. The impact is rated as high by Mozilla, indicating a significant risk to confidentiality, integrity, or availability [1][2][3].

Mitigation

The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37, all released on June 16, 2026 [1][2][3]. Users should update to these versions or later. No workarounds have been published.