CVSS 3.1 score: 7.5

Firefox Browser: Security Update to Fix Multiple Critical Flaws

RLSA-2026:5932
Summary

Firefox has released a security update to fix multiple critical bugs that could allow hackers to take control of your computer, steal sensitive information, or disrupt your browsing experience. Affected versions of Firefox and Thunderbird need to be updated as soon as possible to prevent potential security risks. Update to the latest version to ensure your browser remains secure.

What to do
  • Update firefox to version 0:140.9.0-1.el8_10.
Affected software
Vendor | Product | Affected versions | Fix available
– | firefox | <= 0:140.9.0-1.el8_10 | 0:140.9.0-1.el8_10
Original title
Important: firefox security update
Original description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

* firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

* firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

* firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

* firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

* firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

* firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

* firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

* firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

* firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

* firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

* firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

* firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

* firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

* firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1 7.5
Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026