CVE-2026-12317
Description
Memory safety bug in Firefox 152 and earlier versions allows arbitrary code execution via crafted web content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A memory safety bug exists in Firefox prior to version 152. The exact component is not disclosed, but the bug is classified as a memory safety issue, which typically involves improper handling of memory operations such as out-of-bounds access or use-after-free. The vulnerability affects all Firefox versions before 152. [1]
Exploitation
An attacker can exploit this vulnerability by convincing a user to visit a specially crafted web page. No additional privileges or network position beyond standard web access are required. The attacker would need to craft content that triggers the memory safety condition, leading to memory corruption. [1]
Impact
Successful exploitation could allow an attacker to execute arbitrary code in the context of the browser process. This could lead to full compromise of the browser, including access to sensitive data, installation of malware, or further system compromise. The impact is rated as high by Mozilla. [1]
Mitigation
The vulnerability is fixed in Firefox version 152, released on June 16, 2026. Users should update to Firefox 152 or later. No workarounds are available. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date. [1]
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: <152
- Range: <152
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (3)
News mentions
No linked articles in our index yet.