CVE-2026-12293

Published Jun 16, 2026

Last updated 3 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-12293 is identified as a use-after-free vulnerability found within the Graphics: WebGPU component. This flaw affects both Firefox and Thunderbird applications. The vulnerability was addressed and fixed in Firefox version 152 and Thunderbird version 152. Some reports indicate that this issue could potentially be leveraged for code execution.

Description: Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Source: security@mozilla.org
NVD status: Modified
Products: firefox, thunderbird

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-416

Hype score: Not currently trending

Firefox-152でUse-After-Free（解放済みメモリの再利用）やサンドボックスエスケープなどHigh評価の脆弱性が複数修正されています。HTTPのUse-After-Free（CVE-2026-12291）、WebGPUのUse-After-Free（CVE-2026-12293）、サンドボック
@MalwareBibleJP
20 Jun 2026
2070 Impressions
5 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "26C07C15-4B40-4068-A2F1-BE3E597D14B7",
            "versionEndExcluding": "152.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "77D88ED0-AABD-4312-98B8-3D4B70226577",
            "versionEndExcluding": "152.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.