Back to overview

CVE-2026-12314

HIGH
7.5
CVSS 3.1
Description
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Metadata

CVE ID
CVE-2026-12314
State
PUBLISHED
Assigner
mozilla
Reserved
2026-06-15 15:08 UTC
Published
2026-06-16 11:52 UTC
Last updated
2026-06-16 18:14 UTC
Primary CWE
CWE-119
CWE-119 Improper Restriction of Operations within the Bounds…
Vendor / Product
Mozilla / Firefox
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
Mozilla Firefox 140.12 ≤ 140.*, 152 ≤ *
Mozilla Thunderbird 140.12 ≤ 140.*, 152 ≤ *
Weakness (CWE)
CWESourceDescription
CWE-119 adp CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125 adp CWE-125 Out-of-bounds Read
CWE-416 adp CWE-416 Use After Free
CWE-787 adp CWE-787 Out-of-bounds Write
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 adp CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References (5)
Back to overview