CVE-2026-12310

Vulnerability

A memory safety bug was fixed in Firefox 152 and Firefox ESR 140.12 [1][2]. The exact component and conditions are not detailed in the available references, but memory safety bugs in browsers often stem from incorrect handling of data in memory, such as buffer overflows or use-after-free. Affected versions include Firefox before 152 and Firefox ESR before 140.12.

Exploitation

The references do not provide specific exploitation steps. An attacker would likely need to craft a web page or content that triggers the memory safety issue, potentially leading to a crash or memory corruption. No user interaction beyond visiting a malicious page may be required, but this is not confirmed in the available sources.

Impact

Successful exploitation could lead to a high-severity outcome, such as arbitrary code execution or a denial of service, depending on the nature of the memory safety bug [1][2]. The impact is rated as high by Mozilla.

Mitigation

Mozilla fixed this vulnerability in Firefox 152 and Firefox ESR 140.12, released on June 16, 2026 [1][2]. Users should update to these versions immediately. No workarounds are provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.