CVE-2026-12299
Description
JIT miscompilation in Firefox's DOM Core & HTML component could lead to memory corruption and potential arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
JIT miscompilation in Firefox's DOM Core & HTML component could lead to memory corruption and potential arbitrary code execution.
Vulnerability
JIT miscompilation in the DOM: Core & HTML component in Firefox before version 152, Firefox ESR before version 140.12, and Firefox ESR before version 115.37. This type confusion or miscompilation could be triggered by crafted HTML content.
Exploitation
An attacker would need to convince a user to visit a malicious webpage. Specific exploitation steps have not been publicly disclosed.
Impact
Successful exploitation could lead to memory corruption and potentially arbitrary code execution within the browser context, classified as a high-severity issue.
Mitigation
Fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37, released on June 16, 2026 [1][2][3]. No workarounds are available for unpatched versions.
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <152
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
6News mentions
0No linked articles in our index yet.