AI description
Automated description summarized from trusted sources.
CVE-2026-12291 is identified as a use-after-free vulnerability affecting the Networking: HTTP component in Mozilla Firefox and Thunderbird. This flaw arises when a program attempts to access memory after it has been freed, which can lead to memory corruption issues. Mozilla addressed this vulnerability in several updates, specifically in Firefox version 152, Firefox ESR versions 140.12 and 115.37, and Thunderbird versions 152 and 140.12.
- Description
- Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- Source
- security@mozilla.org
- NVD status
- Analyzed
- Products
- firefox, thunderbird
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-416
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "60E86F4A-420C-4F69-8081-79D1F64411C7",
"versionEndExcluding": "115.37.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"matchCriteriaId": "26C07C15-4B40-4068-A2F1-BE3E597D14B7",
"versionEndExcluding": "152.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "034DA8EC-AD2B-4304-974F-078901E541D1",
"versionEndExcluding": "140.12.0",
"versionStartIncluding": "128.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "767E6445-0CE7-46B5-A02B-EC06D37E45F8",
"versionEndExcluding": "140.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
"matchCriteriaId": "77D88ED0-AABD-4312-98B8-3D4B70226577",
"versionEndExcluding": "152.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]