firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component...

RHEL 8 : firefox (RHSA-2026:3491)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3491 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...

ALSA-2026:3516 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

ALSA-2026:3517 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

ALSA-2026:3515 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

RHEL 8 : firefox (RHSA-2026:3492)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3492 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

RockyLinux 8 : firefox (RLSA-2026:3338)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3338 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bug...

RockyLinux 9 : firefox (RLSA-2026:3339)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3339 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bug...

OESA-2026-1473 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

RHEL 8 : firefox (RHSA-2026:3338)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3338 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...

GHSA-23C5-XMQV-RM74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Summary Nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic backtracking in V8. With a 12-byte pattern a|b and an 18-byte non-matching input, minimatch stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes...

firefox security update

An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

RLSA-2026:3361 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...

RLSA-2026:3339 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

RLSA-2026:3338 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

CVE-2026-27904

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...