Mozilla Firefox ESR 140.12 Security Advisory: Sandbox Escape and RCE Fixes

Mozilla Foundation Security Advisory 2026-58 Vulnerability Overview The Mozilla Foundation has released security advisory 2026-58, addressing multiple security vulnerabilities in Firefox ESR 140.12. Affected Products Firefox ESR Thunderbird ESR Resolution Firefox ESR 140.12 Thunderbird ESR 140.12 Vulnerability Details CVE-2026-12289: Privilege Escalation in Graphics: WebRender Reporter: choeseyong Impact: High References: Bug 2023443 CVE-2026-12290: Memory Safety Fixes in Firefox ESR 140.12 Reporter: JayJayJazz Impact: High References: Bug 2024852 CVE-2026-12291: HTTP Use-After-Free in Networking Components Reporter: Zijie Zhao Impact: High References: Bug 2026929 CVE-2026-12292: Off-by-One Error in Web Audio Components Reporter: Zijie Zhao Impact: High References: Bug 2028405 CVE-2026-12294: Sandbox Escape in DOM: Workers Reporter: Quy Pham Impact: High References: Bug 2029873 CVE-2026-12295: Sandbox Escape in DOM: Navigation Reporter: Yaqoub Aldurayhim Impact: High References: Bug 2040169 CVE-2026-12298: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Haruka Yamazaki Impact: High References: Bug 2041991 CVE-2026-12296: Sandbox Escape in Security: Process Sandboxing Reporter: Yaqoub Aldurayhim Impact: High References: Bug 2040515 CVE-2026-12297: Sandbox Escape in Networking Components Due to Off-by-One Error Reporter: ZX Impact: High References: Bug 2041818 CVE-2026-12299: JIT Miscompilation in DOM: Core & HTML Reporter: Hyeonjun Ahn Impact: High References: Bug 2043139 CVE-2026-12320: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Michael Froman Impact: High References: Bug 2044738 CVE-2026-12302: Mitigations Bypassed in DOM: Security Reporter: lebr0nli Impact: Moderate References: Bug 2034489 CVE-2026-12304: Same-Origin Policy Bypass for Cookies in Networking Components Reporter: Yaqoub Aldurayhim Impact: Moderate References: Bug 2034944 CVE-2026-12305: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Zijie Zhao Impact: Moderate References: Bug 2037200 CVE-2026-12306: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Mihalis Haatainen Impact: Moderate References: Bug 2037323 CVE-2026-12307: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Atsushi Sada Impact: Moderate References: Bug 2038133 CVE-2026-12308: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Mihalis Haatainen Impact: Moderate References: Bug 2038302 CVE-2026-12309: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Yaqoub Aldurayhim Impact: Moderate References: Bug 2038478 CVE-2026-12310: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Carl Pearson Impact: Moderate References: Bug 2039707 CVE-2026-12311: Information Disclosure and Sandbox Escape in Security: Process Sandboxing Reporter: Yaqoub Aldurayhim Impact: Moderate References: Bug 2040177 CVE-2026-12312: Memory Safety Fixes in Firefox ESR 140.12 Reporter: Rintaro Kawasugi Impact: Moderate References: Bug 2040393 CVE-2026-12313: Information Disclosure and Sandbox Escape in Security: Process Sandboxing Reporter: evyatar Impact: Moderate References: Bug 2040477 CVE-2026-12314: Memory Safety Fixes in Firefox ESR 140.12 Reporter: satyamasd Impact: Moderate References: Bug 2041850 CVE-2026-12315: Mitigations Bypassed in DOM: Security Reporter: Nguyen Minh Impact: Moderate References: Bug 2042058 CVE-2026-12330: Off-by-One Error in Internationalization Components Reporter: Mozilla Fuzzing Team Impact: Moderate References: Bug 2029326 CVE-2026-12324: Off-by-One Error in CanvasWebGL within Graphics Components Reporter: Mihalis Haatainen Impact: Low References: Bug 2038444 CVE-2026-12325: Denial of Service in ImageLib within Graphics Components Reporter: SecurIn Impact: Low References: Bug 2038443 CVE-2026-12327: Memory Safety Fixes in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152, and Thunderbird 152 Reporter: Christian Holler, Jens Stutte, Nika Layzell, Randall Jesup, Tom Schuster, and Mozilla Fuzzing Team Impact: Moderate Description: Memory safety bugs in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs exhibited evidence of memory corruption; we presume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. References: Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 CVE-2026-12328: Memory Safety Fixes in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152, and Thunderbird 152 Reporter: Andrew McCreight, Randall Jesup, Tom Ritter, and Mozilla Fuzzing Team Impact: High Description: Memory safety bugs in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs exhibited evidence of memory corruption; we presume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. References: High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderb

Goal Reached Thanks to every supporter — we hit 100%!

Mozilla Firefox ESR 140.12 Security Advisory: Sandbox Escape and RCE Fixes