All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-12295
NONEpublished 2026-06-16 13:16 UTC · 9 days ago · modified 2026-06-16 17:16 UTC
CVSS / 10
// description
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
// references (6)
- https://bugzilla.mozilla.org/show_bug.cgi?id=2040160
- https://www.mozilla.org/security/advisories/mfsa2026-57/
- https://www.mozilla.org/security/advisories/mfsa2026-58/
- https://www.mozilla.org/security/advisories/mfsa2026-59/
- https://www.mozilla.org/security/advisories/mfsa2026-60/
- https://www.mozilla.org/security/advisories/mfsa2026-61/