CVE-2026-12291
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk30th percentile - higher than 30% of all known CVEs
Summary
A use-after-free vulnerability was found in the Networking: HTTP component of Firefox and Thunderbird. It was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Risk Assessment
An attacker could exploit this flaw to execute arbitrary code or cause a denial of service, compromising data confidentiality and integrity.
Recommendation
Immediately update Firefox and Thunderbird to the patched versions listed (Firefox 152, ESR 140.12/115.37, Thunderbird 152/140.12).
Original NVD description (English source)
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

