ALSA-2026:7672

[ALSA-2026:7672] Important: firefox security update

Type:

security

Severity:

important

Release date:

2026-04-15

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  

Security Fix(es):  

  * libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
  * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)
  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)
  * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	firefox-140.9.1-1.el10_1.aarch64.rpm	a2e7246e7f4450aecae4037687e18312a74f3f724442b75a7f59ef173f8efcbb
ppc64le	firefox-140.9.1-1.el10_1.ppc64le.rpm	c3c1b0734c657160f39aa90307bb98a9ceedd9a877c9ba31b3e0464373feb889
s390x	firefox-140.9.1-1.el10_1.s390x.rpm	6fd30364af5877720b9289dc5acaad3fe1df772d96e4c9283cbbe16e4b553314
x86_64	firefox-140.9.1-1.el10_1.x86_64.rpm	c75bea798fdca2ab0177a8042be73eacd87d2eb3dfc084c51e56cfc05a2e6906
x86_64_v2	firefox-140.9.1-1.el10_1.x86_64_v2.rpm	b62afcb6e8d548d6f7ee0cb46b4a85ba9dc3773ce0c08a05fa646a55be71066b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.