CVE Catalog

CVE-2026-12290

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

A memory safety bug was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. This vulnerability could allow remote code execution or data leakage.

Risk Assessment

The organization is at risk of memory corruption attacks that could lead to system compromise or sensitive data exposure.

Recommendation

Immediately update all Firefox and Thunderbird instances to version 152 or later, and the respective ESR versions (140.12, 115.37).

Original NVD description (English source)

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS