Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6350 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6350-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     June 17, 2026                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : firefox-esr     CVE ID         : CVE-2026-12289 CVE-2026-12290 CVE-2026-12291 CVE-2026-12292                      CVE-2026-12294 CVE-2026-12295 CVE-2026-12296 CVE-2026-12297                      CVE-2026-12298 CVE-2026-12299 CVE-2026-12302 CVE-2026-12304                      CVE-2026-12305 CVE-2026-12306 CVE-2026-12307 CVE-2026-12308                      CVE-2026-12309 CVE-2026-12310 CVE-2026-12311 CVE-2026-12312                      CVE-2026-12313 CVE-2026-12314 CVE-2026-12315 CVE-2026-12324                      CVE-2026-12325 CVE-2026-12327 CVE-2026-12328 CVE-2026-12329                      CVE-2026-12330

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code, bypass of the same-origin policy, privilege escalation,     information disclosure, spoofing or sandbox escape.

    For the stable distribution (trixie), these problems have been fixed in     version 140.12.0esr-1~deb13u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-5eeadd9b1b advisory.

    Update NSS to 3.124.0     Update Firefox to 152.0

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151     and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed     in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
    (CVE-2026-12328)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-60 advisory.

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12289)

  - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12292)

  - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and     Thunderbird 152. (CVE-2026-12293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-61 advisory.

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12289)

  - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12292)

  - Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12294)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-60 advisory.

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12289)

  - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12292)

  - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and     Thunderbird 152. (CVE-2026-12293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-61 advisory.

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12289)

  - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12292)

  - Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12294)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.37. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-59 advisory.

  - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151     and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2026-12328)

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, and Firefox ESR 115.37. (CVE-2026-12289)

  - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12,     and Firefox ESR 115.37. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12291)

  - Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12294)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.37. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-59 advisory.

  - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151     and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2026-12328)

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, and Firefox ESR 115.37. (CVE-2026-12289)

  - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12,     and Firefox ESR 115.37. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12291)

  - Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12294)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory.

  - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2026-12327)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and     Firefox ESR 140.12. (CVE-2026-12292)

  - Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12295)

  - Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152     and Firefox ESR 140.12. (CVE-2026-12296)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-58 advisory.

  - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2026-12327)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and     Firefox ESR 140.12. (CVE-2026-12292)

  - Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12295)

  - Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152     and Firefox ESR 140.12. (CVE-2026-12296)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory.

  - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2026-12327)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and     Firefox ESR 140.12. (CVE-2026-12292)

  - Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12295)

  - Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152     and Firefox ESR 140.12. (CVE-2026-12296)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-58 advisory.

  - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2026-12327)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and     Firefox ESR 140.12. (CVE-2026-12292)

  - Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, and Firefox ESR 115.37. (CVE-2026-12295)

  - Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152     and Firefox ESR 140.12. (CVE-2026-12296)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
321490	Debian dsa-6350 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
321470	Fedora 44 : firefox / nss (2026-5eeadd9b1b)	Nessus	Fedora Local Security Checks	critical
321297	Linux Distros Unpatched Vulnerability : CVE-2026-12328	Nessus	Misc.	high
321222	Mozilla Thunderbird < 152.0	Nessus	MacOS X Local Security Checks	critical
321221	Mozilla Thunderbird < 140.12	Nessus	MacOS X Local Security Checks	critical
321220	Mozilla Thunderbird < 152.0	Nessus	Windows	critical
321219	Mozilla Thunderbird < 140.12	Nessus	Windows	critical
321204	Mozilla Firefox ESR < 115.37	Nessus	Windows	high
321203	Mozilla Firefox ESR < 115.37	Nessus	MacOS X Local Security Checks	high
321196	Mozilla Firefox < 152.0	Nessus	Windows	critical
321195	Mozilla Firefox ESR < 140.12	Nessus	MacOS X Local Security Checks	critical
321194	Mozilla Firefox < 152.0	Nessus	MacOS X Local Security Checks	critical
321193	Mozilla Firefox ESR < 140.12	Nessus	Windows	critical

Detections

Analytics

CVE-2026-12328

high

Tenable Plugins

critical

critical

high

critical

critical

critical

critical

high

high

critical

critical

critical

critical