CVE-2026-12318

Vulnerability

CVE-2026-12318 is a vulnerability in the Libraries component of NSS (Network Security Services), a set of cryptographic libraries used by Firefox. The bug is caused by incorrect boundary conditions, which may lead to out-of-bounds memory access. This flaw was present in Firefox versions prior to 152 [1].

Exploitation

An attacker would need to craft a malicious input or certificate that triggers the boundary condition error when processed by NSS. No specific authentication or user interaction beyond normal browsing (e.g., visiting a site or loading a resource) is described in the available references [1].

Impact

Successful exploitation could result in memory corruption, potentially leading to arbitrary code execution or denial of service. The exact impact is rated as high severity by Mozilla [1]. The attacker might achieve compromise of the browser's security context.

Mitigation

The vulnerability is fixed in Firefox 152, released on June 16, 2026 [1]. Users should update to Firefox 152 or later. No workarounds are provided by Mozilla. There is no indication that this CVE is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.