CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
CVE-2026-12321 involves a JIT miscompilation in the JavaScript: WebAssembly component. This issue was fixed in Firefox 152 and Thunderbird 152.
Information disclosure exists in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Denial-of-service vulnerability in the Audio/Video: Playback component. This was fixed in Firefox 152 and Thunderbird 152.
CVE-2026-12313 is a vulnerability related to information disclosure and sandbox escape in the Security: Process Sandboxing component. It was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-12311 is an information disclosure and sandbox escape vulnerability in the Security: Process Sandboxing component. It was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
A memory safety bug was fixed in Firefox 152 and Thunderbird 152. This vulnerability also affects Firefox ESR 140.12 and Thunderbird 140.12.
Memory safety bug fixed in Firefox 152. This vulnerability was also fixed in Firefox ESR 140.12 and Thunderbird 152 and 140.12.
A memory safety bug was fixed in Firefox 152 and Thunderbird 152. This vulnerability was also patched in the ESR versions of both Firefox and Thunderbird.
A memory safety bug was fixed in Firefox 152 and Thunderbird 152. This vulnerability was also patched in the ESR versions of Firefox and Thunderbird.
CVE-2026-12303 is an information disclosure vulnerability due to incorrect boundary conditions in the Graphics: WebGPU component. It was fixed in Firefox 152 and Thunderbird 152.
The vulnerability involves a mitigation bypass in the DOM security component. It was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Memory safety bug fixed in Firefox 152. This vulnerability was also fixed in Thunderbird 152.
Memory safety bug fixed in Firefox 152. This vulnerability was also fixed in Thunderbird 152.
A JIT miscompilation vulnerability in the DOM: Core & HTML component of Firefox and Thunderbird. The flaw was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
A memory safety bug was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. This vulnerability could potentially allow remote code execution or data leakage.
CVE-2026-8484 describes a heap buffer overflow vulnerability in the Jansi JNI 'ioctl()' wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS).
A format string vulnerability has been found in the 'alias' parameter of the Serial Param configuration page in NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This issue arises from insufficient input validation and improper handling of externally supplied format strings.
There is an unauthenticated sensitive data exposure vulnerability in GetGenie versions <= 4.4.1.
Versions of Envira Photo Gallery up to 1.12.5 have an unauthenticated broken access control vulnerability that may allow attackers to access resources they should not have access to.

