Mozilla Firefox Security Updates – 17 June 2026

Mozilla has released updated Firefox version 152 and Firefox ESR versions 115.37 and 140.12 to fix multiple vulnerabilities.

The addressed vulnerabilities could allow the attacker to conduct denial-of-service and spoofing attacks, gain elevated privilege, trigger memory corruption, obtain sensitive information, bypass security restrictions, and execute arbitrary code on the affected systems.

Sample of the addressed vulnerabilities:

1) Mozilla Firefox Same-Origin Policy Bypass in the Networking: Cookies Component Vulnerability (CVE-2026-12304):

  • CVSS: 9.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Bypass Security

2) Mozilla Firefox Privilege Escalation in the Graphics: WebRender Component (CVE-2026-12289):

  • CVSS: 8.8
  • Attack Vector: Network
  • Attack Complexity: Low Firefox
  • Privileges Required: None
  • User Interaction: Required
  • Consequences: Gain Privileges
Vulnerabilities
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Mozilla Firefox Security Advisory

References