CVE-2026-12321
5.4 MEDIUMJIT miscompilation in the JavaScript: WebAssembly component
Published: 2026-06-16 · Last updated: 2026-06-16
Severity and scoring
- CVSS
- 5.4 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- CWE
- CWE-670
Affected products
| Vendor | Product |
|---|---|
| mozilla | firefox, thunderbird |
Description
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-12330 — Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
- CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
- CVE-2026-12328 — Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (8.1 HIGH)
- CVE-2026-12323 — Spoofing issue in the DOM: Core & HTML component (5.4 MEDIUM)
- CVE-2026-12322 — Clickjacking issue in the Widget: Gtk component (5.4 MEDIUM)
Same CWE
- CVE-2026-48844 — Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could ... (7.5 HIGH)
- CVE-2026-20171 — A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nex... (6.8 MEDIUM)
- CVE-2026-38361 — Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2 (7.5 HIGH)