9.6
CVE-2026-12297
- EPSS 0.39%
- Veröffentlicht 16.06.2026 11:52:30
- Zuletzt bearbeitet 09.07.2026 13:16:49
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Sandbox escape due to incorrect boundary conditions in the Networking component
Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird SwEditionesr Version < 140.12.0
Mozilla ≫ Thunderbird SwEdition- Version < 152.0.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.311 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-653 Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
https://www.mozilla.org/security/advisories/mfsa2026-57/
https://www.mozilla.org/security/advisories/mfsa2026-58/
https://www.mozilla.org/security/advisories/mfsa2026-59/
https://bugzilla.mozilla.org/show_bug.cgi?id=2041610
https://www.mozilla.org/security/advisories/mfsa2026-60/
https://www.mozilla.org/security/advisories/mfsa2026-61/
https://bugzilla.redhat.com/show_bug.cgi?id=2489235
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12297.json
https://access.redhat.com/errata/RHSA-2026:27717
https://access.redhat.com/errata/RHSA-2026:27733
https://access.redhat.com/errata/RHSA-2026:27734
https://access.redhat.com/errata/RHSA-2026:29940
https://access.redhat.com/errata/RHSA-2026:30846
https://access.redhat.com/errata/RHSA-2026:33445
https://access.redhat.com/errata/RHSA-2026:36100
https://access.redhat.com/errata/RHSA-2026:36101
https://access.redhat.com/errata/RHSA-2026:36102
https://access.redhat.com/errata/RHSA-2026:36103
https://access.redhat.com/security/cve/CVE-2026-12297
https://access.redhat.com/errata/RHSA-2026:37210