Vulnerability · NVD

CVE-2026-12303

MEDIUM 4.3 Published on 2026-06-16

Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

Attack vector : Network No privileges required

Show raw CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Mozilla Thunderbird Windows winget:Mozilla.Thunderbird

Affected <152.0.0 Fixed in 152.0.0 Latest tracked 152.0 patched

Observed affected builds (121)

151.0 150.0.2 150.0.1 150.0 149.0.2 149.0.1 149.0 148.0.1 148.0 147.0.2 147.0.1 147.0 146.0.1 146.0 145.0 144.0.1 144.0 143.0.1 143.0 142.0 141.0 140.0.1 140.0 139.0.2 139.0.1 139.0 138.0.2 138.0.1 138.0 137.0.2 +91 · see history

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
mozilla	thunderbird All platforms (wildcard)	All platforms (wildcard)	<152.0.0	cpe:2.3:a:mozilla:thunderbird:::::-:::*

View on NVD ↗ Advisory · www.mozilla.org