CVE-2026-12297 PUBLISHED

Sandbox escape due to incorrect boundary conditions in the Networking component

Assigner: mozilla
Reserved: 15.06.2026 Published: 16.06.2026 Updated: 16.06.2026

Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

Product Status

Vendor	Mozilla
Product	Firefox
Versions	unaffected from 115.37 to 115.* (incl.) unaffected from 140.12 to 140.* (incl.) unaffected from 152 to * (incl.)

Credits

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2041610
https://www.mozilla.org/security/advisories/mfsa2026-57/
https://www.mozilla.org/security/advisories/mfsa2026-58/
https://www.mozilla.org/security/advisories/mfsa2026-59/