Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)
* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)
* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)
* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)
* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)
* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)
* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)
* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)
* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)
* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)
* firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)
* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)
* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)
* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)
* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)
* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
firefox-140.10.0-1.el9_7.alma.1.aarch64.rpm |
8911c99fbef9a29e96680fbed41c72212310c0f258c6a1f566d909818ca52642 |
| aarch64 |
firefox-x11-140.10.0-1.el9_7.alma.1.aarch64.rpm |
95910020b22e78c07443c78e5d02fa843f91a25c84c524e13f76d2ea154a60ea |
| ppc64le |
firefox-x11-140.10.0-1.el9_7.alma.1.ppc64le.rpm |
446d534dad218cc89a1e3df8ac107fa0890e81599c6a368a21a74dbde38ec24f |
| ppc64le |
firefox-140.10.0-1.el9_7.alma.1.ppc64le.rpm |
93e2ac9c624fe4b5405c3bd40bcfd431ec8b9988a600a49192ecc334847121ed |
| s390x |
firefox-x11-140.10.0-1.el9_7.alma.1.s390x.rpm |
779d0dee470d509881b95c8391186bf333398d81320bfe256af597f05e531080 |
| s390x |
firefox-140.10.0-1.el9_7.alma.1.s390x.rpm |
b859822c866139a2542ffbf2735edc8fbe8908c5cb7034b242deae198c9ffbe8 |
| x86_64 |
firefox-x11-140.10.0-1.el9_7.alma.1.x86_64.rpm |
4b1fb9cc53aa4ebe0bf8c073bf455da4774ad20275151c41830518e778401973 |
| x86_64 |
firefox-140.10.0-1.el9_7.alma.1.x86_64.rpm |
c91b8b4ca43493f6956f41bf549e5bddab02154ef0d6e215e940d3d7b57eca73 |
