An update for firefox is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2737 Final 1.0 1.0 2026-06-24 Initial 2026-06-24 2026-06-24 openEuler SA Tool V1.0 2026-06-24 firefox security update An update for firefox is now available for openEuler-24.03-LTS-SP3 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fix(es): Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12289) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12290) Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12291) Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12292) Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12294) Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12295) Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12296) Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12297) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12298) JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12299) Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12302) Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12304) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12305) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12306) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12307) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12308) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12309) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12310) Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12311) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12312) Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12313) Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12314) Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12315) Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12324) Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12325) Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12327) Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12328) Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.(CVE-2026-12329) Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.(CVE-2026-12330) An update for firefox is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical firefox https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12289 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12290 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12291 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12292 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12294 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12295 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12296 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12297 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12298 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12299 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12302 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12304 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12305 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12306 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12307 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12308 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12309 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12310 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12311 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12312 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12313 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12314 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12315 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12324 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12325 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12327 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12328 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12329 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12330 https://nvd.nist.gov/vuln/detail/CVE-2026-12289 https://nvd.nist.gov/vuln/detail/CVE-2026-12290 https://nvd.nist.gov/vuln/detail/CVE-2026-12291 https://nvd.nist.gov/vuln/detail/CVE-2026-12292 https://nvd.nist.gov/vuln/detail/CVE-2026-12294 https://nvd.nist.gov/vuln/detail/CVE-2026-12295 https://nvd.nist.gov/vuln/detail/CVE-2026-12296 https://nvd.nist.gov/vuln/detail/CVE-2026-12297 https://nvd.nist.gov/vuln/detail/CVE-2026-12298 https://nvd.nist.gov/vuln/detail/CVE-2026-12299 https://nvd.nist.gov/vuln/detail/CVE-2026-12302 https://nvd.nist.gov/vuln/detail/CVE-2026-12304 https://nvd.nist.gov/vuln/detail/CVE-2026-12305 https://nvd.nist.gov/vuln/detail/CVE-2026-12306 https://nvd.nist.gov/vuln/detail/CVE-2026-12307 https://nvd.nist.gov/vuln/detail/CVE-2026-12308 https://nvd.nist.gov/vuln/detail/CVE-2026-12309 https://nvd.nist.gov/vuln/detail/CVE-2026-12310 https://nvd.nist.gov/vuln/detail/CVE-2026-12311 https://nvd.nist.gov/vuln/detail/CVE-2026-12312 https://nvd.nist.gov/vuln/detail/CVE-2026-12313 https://nvd.nist.gov/vuln/detail/CVE-2026-12314 https://nvd.nist.gov/vuln/detail/CVE-2026-12315 https://nvd.nist.gov/vuln/detail/CVE-2026-12324 https://nvd.nist.gov/vuln/detail/CVE-2026-12325 https://nvd.nist.gov/vuln/detail/CVE-2026-12327 https://nvd.nist.gov/vuln/detail/CVE-2026-12328 https://nvd.nist.gov/vuln/detail/CVE-2026-12329 https://nvd.nist.gov/vuln/detail/CVE-2026-12330 openEuler-24.03-LTS-SP3 firefox-140.12.0-1.oe2403sp3.x86_64.rpm firefox-debuginfo-140.12.0-1.oe2403sp3.x86_64.rpm firefox-debugsource-140.12.0-1.oe2403sp3.x86_64.rpm firefox-140.12.0-1.oe2403sp3.aarch64.rpm firefox-debuginfo-140.12.0-1.oe2403sp3.aarch64.rpm firefox-debugsource-140.12.0-1.oe2403sp3.aarch64.rpm firefox-140.12.0-1.oe2403sp3.src.rpm Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12289 openEuler-24.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12290 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12291 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12292 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12294 openEuler-24.03-LTS-SP3 Critical 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12295 openEuler-24.03-LTS-SP3 Critical 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12296 openEuler-24.03-LTS-SP3 Critical 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12297 openEuler-24.03-LTS-SP3 Critical 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12298 openEuler-24.03-LTS-SP3 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12299 openEuler-24.03-LTS-SP3 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12302 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12304 openEuler-24.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12305 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12306 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12307 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12308 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12309 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12310 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12311 openEuler-24.03-LTS-SP3 Medium 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12312 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12313 openEuler-24.03-LTS-SP3 Medium 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12314 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12315 openEuler-24.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12324 openEuler-24.03-LTS-SP3 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12325 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12327 openEuler-24.03-LTS-SP3 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12328 openEuler-24.03-LTS-SP3 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. 2026-06-24 CVE-2026-12329 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737 Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. 2026-06-24 CVE-2026-12330 openEuler-24.03-LTS-SP3 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N firefox security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2737