CVE-2026-12299

Published: Giu 16, 2026 Last Modified: Giu 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

843

Access of Resource Using Incompatible Type ('Type Confusion')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Read Memory Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart
Applicable Platforms
Languages: C, C++
View CWE Details
Application

Firefox by Mozilla

Product Information
Vendor Mozilla
Product Firefox
Version Range Affected
To 115.37.0 (exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Thunderbird by Mozilla

Product Information
Vendor Mozilla
Product Thunderbird
Version Range Affected
To 152.0.0 (exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Thunderbird by Mozilla

Product Information
Vendor Mozilla
Product Thunderbird
Version Range Affected
From 140.0 (inclusive)
To 140.12.0 (exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Firefox by Mozilla

Product Information
Vendor Mozilla
Product Firefox
Version Range Affected
To 152.0 (exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Firefox by Mozilla

Product Information
Vendor Mozilla
Product Firefox
Version Range Affected
From 140.0 (inclusive)
To 140.12.0 (exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugzilla.mozilla.org/show_bug.cgi?id=2043139
https://bugzilla.mozilla.org/show_bug.cgi?id=2043139
https://www.mozilla.org/security/advisories/mfsa2026-57/
https://www.mozilla.org/security/advisories/mfsa2026-57/
https://www.mozilla.org/security/advisories/mfsa2026-58/
https://www.mozilla.org/security/advisories/mfsa2026-58/
https://www.mozilla.org/security/advisories/mfsa2026-59/
https://www.mozilla.org/security/advisories/mfsa2026-59/
https://www.mozilla.org/security/advisories/mfsa2026-60/
https://www.mozilla.org/security/advisories/mfsa2026-60/
https://www.mozilla.org/security/advisories/mfsa2026-61/
https://www.mozilla.org/security/advisories/mfsa2026-61/