MiracleLinux 8 : firefox-140.8.0-2.el8_10.ML.1 (AXSA:2026-248:04)

🗓️ 03 Mar 2026 00:00:00Reported by TenableType

MiracleLinux 8 firefox package affected by AXSA-2026-248-04 with multiple CVEs in JavaScript, DOM, NSS.

Reporter	Title	Published	Views	Family All 2131
FreeBSD	Mozilla -- Heap buffer overflow	16 Feb 202600:00	–	freebsd
FreeBSD	Mozilla -- Undefined behavior in the DOM: Core & HTML component	24 Feb 202600:00	–	freebsd
FreeBSD	Mozilla -- Integer overflow	24 Feb 202600:00	–	freebsd
ATTACKERKB	CVE-2026-2759	24 Feb 202613:32	–	attackerkb
ATTACKERKB	CVE-2026-2761	24 Feb 202613:33	–	attackerkb
ATTACKERKB	CVE-2026-2767	24 Feb 202613:33	–	attackerkb
ATTACKERKB	CVE-2026-2778	24 Feb 202613:33	–	attackerkb
ATTACKERKB	CVE-2026-2768	24 Feb 202613:33	–	attackerkb
ATTACKERKB	CVE-2026-2760	24 Feb 202613:33	–	attackerkb
ATTACKERKB	CVE-2026-2775	24 Feb 202613:33	–	attackerkb

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/23073
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2026-248:04.
##

include('compat.inc');

if (description)
{
  script_id(300408);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/03");

  script_cve_id(
    "CVE-2026-2447",
    "CVE-2026-2757",
    "CVE-2026-2758",
    "CVE-2026-2759",
    "CVE-2026-2760",
    "CVE-2026-2761",
    "CVE-2026-2762",
    "CVE-2026-2763",
    "CVE-2026-2764",
    "CVE-2026-2765",
    "CVE-2026-2766",
    "CVE-2026-2767",
    "CVE-2026-2768",
    "CVE-2026-2769",
    "CVE-2026-2770",
    "CVE-2026-2771",
    "CVE-2026-2772",
    "CVE-2026-2773",
    "CVE-2026-2774",
    "CVE-2026-2775",
    "CVE-2026-2776",
    "CVE-2026-2777",
    "CVE-2026-2778",
    "CVE-2026-2779",
    "CVE-2026-2780",
    "CVE-2026-2781",
    "CVE-2026-2782",
    "CVE-2026-2783",
    "CVE-2026-2784",
    "CVE-2026-2785",
    "CVE-2026-2786",
    "CVE-2026-2787",
    "CVE-2026-2788",
    "CVE-2026-2789",
    "CVE-2026-2790",
    "CVE-2026-2791",
    "CVE-2026-2792",
    "CVE-2026-2793"
  );

  script_name(english:"MiracleLinux 8 : firefox-140.8.0-2.el8_10.ML.1 (AXSA:2026-248:04)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the
AXSA:2026-248:04 advisory.

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
      * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
      * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,
    Firefox 148 and Thunderbird 148 (CVE-2026-2793)
      * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
      * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
      * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External
    Software (CVE-2026-2776)
      * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
      * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
      * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
      * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
      * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
      * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
    (CVE-2026-2783)
      * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
      * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
      * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
      * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
      * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
      * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
      * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
      * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
      * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
      * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and
    Thunderbird 148 (CVE-2026-2792)
      * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
      * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
      * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
      * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component
    (CVE-2026-2757)
      * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
    (CVE-2026-2760)
      * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
      * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
      * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
      * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
      * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
      * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
      * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
      * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
    (CVE-2026-2778)
      * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
      * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
      * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/23073");
  script_set_attribute(attribute:"solution", value:
"Update the affected firefox package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-2793");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-2778");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^8([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 8.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '8',
    'pkgs': [
      {'reference':'firefox-140.8.0-2.el8_10.ML.1', 'cpu':'x86_64', 'el_string':'el8_10', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');
}

03 Mar 2026 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.110

EPSS0.00145

SSVC