CVE Catalog

CVE-2026-12293

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

A use-after-free vulnerability was found in the WebGPU component of Firefox and Thunderbird. The flaw was fixed in versions 152 of both applications.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service, compromising system confidentiality and availability.

Recommendation

Immediately update Firefox and Thunderbird to version 152 or later.

Original NVD description (English source)

Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS