What is GHSA-gff2-447q-xjx8?

GHSA-gff2-447q-xjx8 is a security advisory published by GitHub Security Advisories with High severity. Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11,...

Which CVE IDs does GHSA-gff2-447q-xjx8 cover?

GHSA-gff2-447q-xjx8 covers the following CVE IDs: CVE-2026-12328. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-gff2-447q-xjx8?

GHSA-gff2-447q-xjx8 has a CVSS v3 base score of 8.1, published by GitHub Security Advisories.

GHSA-gff2-447q-xjx8HighCVSS 8.1

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11,...

Vendor

GitHub Security Advisories

Published

June 16, 2026

Last Modified

June 16, 2026

🔗 CVE IDs covered (1)

CVE-2026-12328 →

📋 Description

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-12328
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029402%2C2038477%2C2039726%2C2041373%2C2042268%2C2042451%2C2042782%2C2042858%2C2042929%2C2042965%2C2043213
https://www.mozilla.org/security/advisories/mfsa2026-57
https://www.mozilla.org/security/advisories/mfsa2026-58
https://www.mozilla.org/security/advisories/mfsa2026-59
https://github.com/advisories/GHSA-gff2-447q-xjx8