ALSA-2026:10767

[ALSA-2026:10767] Important: firefox security update

Type:

security

Severity:

important

Release date:

2026-04-29

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  

Security Fix(es):  

  * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)
  * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)
  * firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)
  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)
  * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)
  * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)
  * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)
  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)
  * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)
  * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)
  * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)
  * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)
  * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)
  * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)
  * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)
  * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)
  * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)
  * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)
  * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)
  * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)
  * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)
  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)
  * firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	firefox-140.10.0-1.el10_1.aarch64.rpm	60e887ca9945db4610c66d2ceed328670969e7efe5a809579bfaa030c86a7185
ppc64le	firefox-140.10.0-1.el10_1.ppc64le.rpm	760d52cfe3d01985c3f175d5c70f2993a4ec527de019c3703dcc77e5dab44ffa
s390x	firefox-140.10.0-1.el10_1.s390x.rpm	de3cc0433509ec4a6bb9222454227a1fc84744c68eb2e898c4030e6cb68a42d6
x86_64	firefox-140.10.0-1.el10_1.x86_64.rpm	7f4041147b39174bca3d675a0e2eaa95bd2013f15204893840fe2c48dc0c47ad
x86_64_v2	firefox-140.10.0-1.el10_1.x86_64_v2.rpm	302fc303876fd64395c5991d26e5bdbae159d36283e980038e18183674f541c0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.