CVE Catalog
CVE-2026-12298
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.31%
22th percentile — higher than 22% of all known CVEs
Summary
A memory safety bug was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. This vulnerability could potentially allow remote code execution or data leakage.
Risk Assessment
The organization is at risk of remote code execution or sensitive data theft due to a memory safety flaw in the browser or email client.
Recommendation
Immediately update Firefox to version 152 or later, and Thunderbird to version 152 or 140.12.
Original NVD description (English source)
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

