Mozilla Firefox 152 Security Bulletin: Multiple CVEs Fixed (UAF, Sandbox Escape, Info Leak)

Vulnerability Overview The Mozilla Foundation released Security Advisory 2026-57, which addresses multiple security vulnerabilities. These vulnerabilities have been fixed in Firefox 152. The advisory lists several CVE identifiers, with each CVE corresponding to a specific security vulnerability. Affected Scope CVE-2026-12289: Privilege escalation in Graphics: WebRender. CVE-2026-12290: Memory safety issues in Firefox 152. CVE-2026-12291: HTTP use-after-free in Network. CVE-2026-12292: Off-by-one error in Web Audio. CVE-2026-12293: Use-after-free in Graphics: WebGPU. CVE-2026-12294: Sandbox escape in DOM: Workers. CVE-2026-12295: Sandbox escape in DOM: Navigation. CVE-2026-12296: Sandbox escape in Security: Process Sandboxing. CVE-2026-12297: Sandbox escape in Networking due to off-by-one error. CVE-2026-12298: Memory safety issues in Firefox 152. CVE-2026-12299: JIT compilation error in DOM: Core & HTML. CVE-2026-12300: Memory safety issues in Firefox 152. CVE-2026-12301: Memory safety issues in Firefox 152. CVE-2026-12302: Bypassed mitigation in DOM: Security. CVE-2026-12303: Information disclosure in Graphics: WebGPU due to off-by-one error. CVE-2026-12304: Same-origin policy bypass in Networking: Cookies. CVE-2026-12305: Memory safety issues in Firefox 152. CVE-2026-12306: Memory safety issues in Firefox 152. CVE-2026-12307: Memory safety issues in Firefox 152. CVE-2026-12308: Memory safety issues in Firefox 152. CVE-2026-12309: Memory safety issues in Firefox 152. CVE-2026-12310: Memory safety issues in Firefox 152. CVE-2026-12311: Information disclosure and sandbox escape in Security: Process Sandboxing. CVE-2026-12312: Memory safety issues in Firefox 152. CVE-2026-12313: Information disclosure and sandbox escape in Security: Process Sandboxing. CVE-2026-12314: Memory safety issues in Firefox 152. CVE-2026-12315: Bypassed mitigation in DOM: Security. CVE-2026-12316: Bypassed mitigation in DOM: Security. CVE-2026-12317: Memory safety issues in Firefox 152. CVE-2026-12318: Off-by-one error in NSS library. CVE-2026-12319: Denial of Service in Audio/Video: Playback. Remediation All the aforementioned vulnerabilities have been fixed in Firefox 152. Users are advised to upgrade to Firefox 152 as soon as possible to address these security issues. POC Code or Exploit Code No specific POC code or exploit code is provided on the page.

Goal Reached Thanks to every supporter — we hit 100%!

Mozilla Firefox 152 Security Bulletin: Multiple CVEs Fixed (UAF, Sandbox Escape, Info Leak)