SUSE-SU-2026:20978-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...

Important: firefox

Issue Overview: Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8. CVE-2026-2757 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and...

AlmaLinux 9 : thunderbird (ALSA-2026:3516)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3516 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs...

MiracleLinux 8 : firefox-140.6.0-1.el8_10.ML.1 (AXSA:2025-11551:37)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11551:37 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-fr...

RHEL 9 : thunderbird (RHSA-2026:0003)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0003 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6,...

ALSA-2026:0025 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-free in the WebRTC: Signaling component CVE-2025-14321 firefox: JIT...

RHEL 8 : thunderbird (RHSA-2026:0024)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0024 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6,...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

MGASA-2025-0328 Updated nspr, nss & firefox packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

MGASA-2025-0329 Updated thunderbird packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 IT miscompilation in the JavaScript Engine: JIT...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. MFSA 2025-94 CVE-2025-14321: use-after-free in the WebRTC: Signaling component. CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics:...

CVE-2025-14330

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14330

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

KLA90817 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in the...