The version of Firefox installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory.

  - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and     Thunderbird 152. (CVE-2026-12293)

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12289)

  - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12,     Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR     140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12291)

  - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152,     Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12292)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Mozilla Firefox < 152.0

critical Nessus Plugin ID 321196

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Jun 20, 2026, 5:45 PM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSSv2 score source (changed from "CVE-2026-12327" to "CVE-2026-12293") CVSSv2 severity (based on CVE-2026-12293, severity increased from "Medium" to "High") Plugin Feed: 202606201745
Version 1.2 Jun 20, 2026, 11:15 AM CVSSv2 severity (based on CVE-2026-12327, severity increased from "Medium" to "High") CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv2 score" set to 10.0) Plugin metadata Plugin Feed: 202606201115
Version 1.1 Jun 16, 2026, 9:15 PM New Plugin Feed: 202606162115