CVE-2026-12321

Vulnerability

A JIT miscompilation exists in the JavaScript: WebAssembly component of Firefox. This vulnerability affects Firefox versions prior to 152. The bug occurs during just-in-time compilation of WebAssembly code, leading to incorrect code generation. The exact conditions required to trigger the miscompilation are not publicly detailed, but it is reachable when WebAssembly is executed.

Exploitation

An attacker with the ability to execute WebAssembly code in the browser could potentially trigger the miscompilation. The specific steps to exploit this vulnerability have not been disclosed in the available references. However, given the high impact rating, exploitation is considered feasible.

Impact

Successful exploitation of this JIT miscompilation could result in memory corruption. This may allow an attacker to achieve arbitrary code execution within the browser's sandbox, potentially leading to further compromise. The impact is rated high by Mozilla.

Mitigation

This vulnerability is fixed in Firefox 152, released on June 16, 2026 [1]. Users should upgrade to Firefox 152 or later. No workarounds are available.