CVE-2026-12325
Description
A denial-of-service vulnerability in Firefox's Graphics: ImageLib component, fixed in Firefox 152, ESR 140.12, and ESR 115.37.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial-of-service vulnerability in Firefox's Graphics: ImageLib component, fixed in Firefox 152, ESR 140.12, and ESR 115.37.
Vulnerability
A denial-of-service vulnerability exists in the Graphics: ImageLib component of Firefox. The exact root cause is not detailed in the available references, but it leads to a crash or resource exhaustion. This affects versions prior to Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37 [1][2][3].
Exploitation
No public exploit details or required preconditions are disclosed in the references. The vulnerability may be triggered by processing a specially crafted image, potentially requiring no user interaction beyond viewing content that loads the image [1].
Impact
Successful exploitation leads to a denial-of-service condition, causing the browser to crash or become unresponsive. This affects the availability of the browser, with no indication of code execution or data compromise [1].
Mitigation
The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37, all released on June 16, 2026 [1][2][3]. Users should update to these versions or later. No workaround is provided other than updating.
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <152
- Range: <152
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
6News mentions
0No linked articles in our index yet.