CVE-2026-12329

Published: Giu 16, 2026 Last Modified: Giu 16, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: low

Description

AI Translation Available

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Memory Read Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)

Applicable Platforms

Languages: Memory-Unsafe, C, C++, Assembly

Likelihood of Exploit: High

View CWE Details

416

Use After Free

Stable

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Confidentiality

Potential Impacts:

Modify Memory Dos: Crash, Exit, Or Restart Read Memory Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: Memory-Unsafe, C, C++

Likelihood of Exploit: High

View CWE Details

476

NULL Pointer Dereference

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory

Applicable Platforms

Languages: C, C++, Java, C#, Go

Likelihood of Exploit: Medium

View CWE Details

Application

Thunderbird by Mozilla

Product Information

Vendor Mozilla

Product Thunderbird

Version Range Affected

From 140.0 (inclusive)

To 140.12.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Firefox by Mozilla

Product Information

Vendor Mozilla

Product Firefox

Version Range Affected

From 140.0 (inclusive)

To 140.12.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://bugzilla.mozilla.org/show_bug.cgi?id=2044738

https://www.mozilla.org/security/advisories/mfsa2026-58/

https://www.mozilla.org/security/advisories/mfsa2026-61/

CVE-2026-12329

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Consequences

Applicable Platforms

Use After Free

Common Consequences

Applicable Platforms

NULL Pointer Dereference

Common Consequences

Applicable Platforms

Thunderbird by Mozilla

Product Information

Firefox by Mozilla

Product Information

Iscriviti alla newsletter