Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Firefox and Thunderbird Security Updates Needed
RLSA-2026:19588
Summary
Firefox and Thunderbird users need to update their software to fix security issues that could allow hackers to steal data or take control of their computers. These updates are available now, and it's essential to install them to protect your information and your computer. If you use Firefox or Thunderbird, check for updates and install the latest versions.
What to do
- Update firefox to version 0:140.10.1-1.el8_10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Rocky Linux:8 | – | firefox |
< 0:140.10.1-1.el8_10 Fix: upgrade to 0:140.10.1-1.el8_10
|
Original title
Important: firefox security update
Original description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323)
* firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320)
* firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322)
* firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323)
* firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320)
* firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322)
* firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1
8.8
- https://errata.rockylinux.org/RLSA-2026:19588 Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2463481 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2463483 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2463484 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2463485 Third Party Advisory
Published: 23 May 2026 · Updated: 29 May 2026 · First seen: 29 May 2026