CVE Catalog

CVE-2026-12291

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

A use-after-free vulnerability was found in the Networking: HTTP component of Firefox and Thunderbird. It was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Risk Assessment

An attacker could exploit this flaw to execute arbitrary code or cause a denial of service, compromising data confidentiality and integrity.

Recommendation

Immediately update Firefox and Thunderbird to the patched versions listed (Firefox 152, ESR 140.12/115.37, Thunderbird 152/140.12).

Original NVD description (English source)

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS