CVE-2026-12319

Vulnerability

The vulnerability is a denial-of-service (DoS) in the Audio/Video: Playback component of Firefox. The specific root cause is not detailed, but it was present in Firefox versions prior to 152. The component handles media playback; a specially crafted media file or stream could trigger the denial of service. Affected: Firefox versions before 152. [1]

Exploitation

An attacker would need to deliver a malicious media file or stream to the target user. No authentication or special privileges are required; the user would need to load the crafted content in Firefox. The attack could be triggered by visiting a webpage that contains the malicious media or by opening a file. The exact steps are not disclosed. [1]

Impact

Successful exploitation results in a denial of service, causing the browser to crash or become unresponsive for the duration of the attack. No code execution or data compromise is indicated. The impact is limited to availability. [1]

Mitigation

The vulnerability is fixed in Firefox 152, released June 16, 2026. Users should update to Firefox 152 or later. No workarounds are provided. Not listed on CISA KEV as of this writing. [1]