Security Vulnerabilities fixed in Firefox 151.0.3 — Mozilla

CVE-2026-10701: Incorrect boundary conditions in the Graphics: Text component Reporter taiho kim Impact high References Bug 2038537 CVE-2026-10702: JIT miscompilation in the JavaScript Engine: JIT component Reporter Nebula Security Impact high References Bug 2040903...

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

FreeBSD : Mozilla -- Multiple vulnerabilities (32819a60-2943-11f1-8461-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 32819a60-2943-11f1-8461-b42e991fc52e advisory. CVE-2026-4721: Memory safety bugs. Potential arbitrary code execution. CVE-2026-4709: Incorrec...

AlmaLinux 8 : firefox (ALSA-2026:3338)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3338 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs...

firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component...

OESA-2026-1285 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in...

openSUSE 16 Security Update : MozillaThunderbird (openSUSE-SU-2026:20046-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20046-1 advisory. Changes in MozillaThunderbird: - Mozilla Thunderbird 140.6.0 ESR MFSA 2025-96 bsc1254551 CVE-2025-14321 bmo1992760 Use-after-free in the WebRTC:...

openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20014-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20014-1 advisory. Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551:...

MiracleLinux 8 : thunderbird-140.6.0-1.el8_10.ML.1 (AXSA:2026-021:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-021:01 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-free...

Amazon Linux 2023 : firefox (ALAS2023-2025-1337)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1337 advisory. Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox 146 and Firefox ESR 140.6. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the...

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

RHEL 9 : firefox (RHSA-2026:0016)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0016 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 8 : firefox (RHSA-2026:0015)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0015 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 7 : firefox (RHSA-2026:0007)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0007 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 8 : thunderbird (RHSA-2026:0023)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0023 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6,...

CLSA-2025-1765986482 webkit2gtk3: Fix of 4 CVEs

CVE-2025-13502: fix out of bounds read and integer underflow by adding bounds checking and validating message delimiters - CVE-2025-43430: fix bbq jit compiler writing to wrong stack slots in wasm try/catch blocks - CVE-2025-43421: fix memory handling issues that cause unexpected process crashes...

Updated nspr, nss & firefox packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

AlmaLinux 9 : firefox (ALSA-2025:23034)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23034 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-free in...

Mozilla Thunderbird < 140.6

The version of Thunderbird installed on the remote Windows host is prior to 140.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-96 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146, Firefox ESR 140.6,...

Mozilla Firefox < 146.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 146.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-92 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146 and Firefox ESR...