CVE-2026-12327 – Firefox
“Memory corruption bugs may stay hidden until they become a path to code execution.”
This patch addresses three memory safety vulnerabilities in Mozilla Firefox and Thunderbird. CVE-2026-12326, CVE-2026-12327, and CVE-2026-12328 affect multiple Firefox, Firefox ESR, and Thunderbird releases. Mozilla reported that these issues involve memory safety defects that showed evidence of memory corruption. Such conditions can potentially be leveraged to execute arbitrary code under certain circumstances.
CVE-2026-12326 has a CVSS score of 8.1, which is High severity. CVE-2026-12327 has a CVSS score of 8.1, which is High severity. CVE-2026-12328 has a CVSS score of 8.1, which is High severity.
The vulnerabilities were corrected in Firefox 152, Thunderbird 152, Firefox ESR 140.12, Thunderbird ESR 140.12, and Firefox ESR 115.37, depending on the affected product branch. While no verified exploitation has been reported, the presence of memory corruption behavior increases the security risk and warrants prompt patching.
Key Details
- Affected Product
- Mozilla Firefox
- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-119