Mozilla Firefox ESR < 115.37

🗓️ 16 Jun 2026 00:00:00Reported by TenableType

Firefox ESR before 115.37 on macOS has multiple CVEs including memory safety, WebRender escalation, HTTP use-after-free, and DOM Workers sandbox escape.

Reporter	Title	Published	Views	Family All 108
AlpineLinux	CVE-2026-12289	16 Jun 202611:52	–	alpinelinux
AlpineLinux	CVE-2026-12299	16 Jun 202611:52	–	alpinelinux
AlpineLinux	CVE-2026-12328	16 Jun 202611:53	–	alpinelinux
Circl	CVE-2026-12289	16 Jun 202617:01	–	circl
Circl	CVE-2026-12325	16 Jun 202614:13	–	circl
Circl	CVE-2026-12328	16 Jun 202614:58	–	circl
Circl	CVE-2026-12330	16 Jun 202614:25	–	circl
CVE	CVE-2026-12289	16 Jun 202611:52	–	cve
CVE	CVE-2026-12290	16 Jun 202611:52	–	cve
CVE	CVE-2026-12291	16 Jun 202611:52	–	cve

Source	Link
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2026-59/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
## 
# (C) Tenable, Inc.
#                                  
# The descriptive text and package checks in this plugin were
# extracted from Mozilla Foundation Security Advisory mfsa2026-59.
# The text itself is copyright (C) Mozilla Foundation.
## 

include('compat.inc');

if (description)
{
  script_id(321203);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/16");

  script_cve_id(
    "CVE-2026-12289",
    "CVE-2026-12290",
    "CVE-2026-12291",
    "CVE-2026-12294",
    "CVE-2026-12295",
    "CVE-2026-12297",
    "CVE-2026-12299",
    "CVE-2026-12302",
    "CVE-2026-12325",
    "CVE-2026-12328",
    "CVE-2026-12330"
  );

  script_name(english:"Mozilla Firefox ESR < 115.37");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.37. It is, therefore, affected
by multiple vulnerabilities as referenced in the mfsa2026-59 advisory.

  - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151
    and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with
    enough effort some of these could have been exploited to run arbitrary code. (CVE-2026-12328)

  - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,
    Firefox ESR 140.12, and Firefox ESR 115.37. (CVE-2026-12289)

  - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12,
    and Firefox ESR 115.37. (CVE-2026-12290)

  - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, and Firefox ESR 115.37. (CVE-2026-12291)

  - Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, and Firefox ESR 115.37. (CVE-2026-12294)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2026-59/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox ESR version 115.37 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-12328");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("installed_sw/Mozilla Firefox ESR");

  exit(0);
}

include('vdf.inc');

# @tvdl-content-verify-only
var vuln_data = {
  "metadata": {
    "spec_version": "1.0"
  },
  "requires": [
    {
      "scope": "target",
      "match": {
        "os": "macos"
      }
    }
  ],
  "checks": [
    {
      "product": {
        "name": "Mozilla Firefox ESR",
        "type": "app"
      },
      "check_algorithm": "default",
      "constraints": [
        {
          "min_version": "115.0.0",
          "fixed_version": "115.37"
        }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

16 Jun 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.8

SSVC