CVE-2026-12302
Description
A mitigation bypass in the DOM Security component allowed attackers to bypass security protections; fixed in Firefox 152, ESR 140.12, and ESR 115.37.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A mitigation bypass in the DOM Security component allowed attackers to bypass security protections; fixed in Firefox 152, ESR 140.12, and ESR 115.37.
Vulnerability
This vulnerability is a mitigation bypass in the DOM Security component of Firefox. It affects Firefox versions prior to 152, Firefox ESR prior to 140.12, and Firefox ESR prior to 115.37 [1][2][3]. The exact mechanism of the bypass has not been publicly disclosed.
Exploitation
No public exploitation details are available. The attacker likely requires the ability to deliver crafted web content to a vulnerable browser, but specific prerequisites and steps are not disclosed in the available references.
Impact
Successful exploitation could allow an attacker to bypass security mitigations, potentially leading to further compromise. Mozilla rates the impact as moderate [3].
Mitigation
The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37, released on June 16, 2026 [1][2][3]. Users should update to these versions. No workarounds are documented.
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < 152
- Range: < 152, < 140.12
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
6News mentions
0No linked articles in our index yet.