CVE Catalog

CVE-2026-12298

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

A memory safety bug was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. This vulnerability could potentially allow remote code execution or data leakage.

Risk Assessment

The organization is at risk of remote code execution or sensitive data theft due to a memory safety flaw in the browser or email client.

Recommendation

Immediately update Firefox to version 152 or later, and Thunderbird to version 152 or 140.12.

Original NVD description (English source)

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS