概述
Important: firefox security update
类型/严重性
Security Advisory: Important
标题
An update for firefox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
- firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327)
- firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885)
- firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 (CVE-2026-0891)
- firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-0878)
- firefox: Use-after-free in the IPC component (CVE-2026-0882)
- firefox: Use-after-free in the JavaScript Engine component (CVE-2026-0884)
- firefox: Information disclosure in the Networking component (CVE-2026-0883)
- firefox: Mitigation bypass in the DOM: Security component (CVE-2026-0877)
- firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (CVE-2026-0890)
- firefox: Clickjacking issue, information disclosure in the PDF Viewer component (CVE-2026-0887)
- firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component (CVE-2026-0879)
- firefox: Sandbox escape due to integer overflow in the Graphics component (CVE-2026-0880)
- firefox: Incorrect boundary conditions in the Graphics component (CVE-2026-0886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
受影响的产品
-
Red Hat Enterprise Linux for x86_64 9 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 9 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
-
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
-
Red Hat Enterprise Linux for ARM 64 9 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x
修复
-
BZ - 2420507
- CVE-2025-14327 firefox: Spoofing issue in the Downloads Panel component
-
BZ - 2428961
- CVE-2026-0885 firefox: Use-after-free in the JavaScript: GC component
-
BZ - 2428963
- CVE-2026-0891 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
-
BZ - 2428965
- CVE-2026-0878 firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
-
BZ - 2428966
- CVE-2026-0882 firefox: Use-after-free in the IPC component
-
BZ - 2428967
- CVE-2026-0884 firefox: Use-after-free in the JavaScript Engine component
-
BZ - 2428968
- CVE-2026-0883 firefox: Information disclosure in the Networking component
-
BZ - 2428969
- CVE-2026-0877 firefox: Mitigation bypass in the DOM: Security component
-
BZ - 2428971
- CVE-2026-0890 firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component
-
BZ - 2428972
- CVE-2026-0887 firefox: Clickjacking issue, information disclosure in the PDF Viewer component
-
BZ - 2428973
- CVE-2026-0879 firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component
-
BZ - 2428975
- CVE-2026-0880 firefox: Sandbox escape due to integer overflow in the Graphics component
-
BZ - 2428978
- CVE-2026-0886 firefox: Incorrect boundary conditions in the Graphics component
备注:
可能有这些软件包的更新版本。
点击软件包名称查看详情。
Red Hat Enterprise Linux for x86_64 9
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| x86_64 |
|
firefox-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a223a579d557d997aa51f2010d4b962fa47476fd70ca2cfc32a34a44d9bfe95e |
|
firefox-debuginfo-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: fe4e84444f6fd18148c6c0cd33e0c21a608fd42ebcaf3af4b0613de5fc02be02 |
|
firefox-debugsource-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a093465066cd44ac8e1299c2cafd9351bf4c92d7bd7fcccfa0f6819bea9b3ed9 |
|
firefox-x11-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: f24043bba3fdd8f251408739d6a3b280fac42b4d932f65319982b4ecbc0cbcc0 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| x86_64 |
|
firefox-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a223a579d557d997aa51f2010d4b962fa47476fd70ca2cfc32a34a44d9bfe95e |
|
firefox-debuginfo-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: fe4e84444f6fd18148c6c0cd33e0c21a608fd42ebcaf3af4b0613de5fc02be02 |
|
firefox-debugsource-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a093465066cd44ac8e1299c2cafd9351bf4c92d7bd7fcccfa0f6819bea9b3ed9 |
|
firefox-x11-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: f24043bba3fdd8f251408739d6a3b280fac42b4d932f65319982b4ecbc0cbcc0 |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| s390x |
|
firefox-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 52300be7826000c8bb2225d525978f5b709dcf72642ca3a5343ff272dd60fea8 |
|
firefox-debuginfo-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 3324a338ba3ae0db65b0cd832db08f5096fa4a757aa42f75cdf4e3f1e90fe441 |
|
firefox-debugsource-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 362ed9c92069db864720dcb148cd6d6561fcf1151b8ddea8d17c72a3e832a714 |
|
firefox-x11-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 8032d9c473ef493bfbd121fc474385433de4cf156a7c538927d46b7edeeccadf |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| s390x |
|
firefox-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 52300be7826000c8bb2225d525978f5b709dcf72642ca3a5343ff272dd60fea8 |
|
firefox-debuginfo-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 3324a338ba3ae0db65b0cd832db08f5096fa4a757aa42f75cdf4e3f1e90fe441 |
|
firefox-debugsource-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 362ed9c92069db864720dcb148cd6d6561fcf1151b8ddea8d17c72a3e832a714 |
|
firefox-x11-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 8032d9c473ef493bfbd121fc474385433de4cf156a7c538927d46b7edeeccadf |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| ppc64le |
|
firefox-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 055b8fc6558d424d46da55d3c9b5c8b3b34701e89dfe926e48aa2e3dd756d2db |
|
firefox-debuginfo-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 183f8212e8047e6c95b6e35bac189d6bb5bb2e8cbb4160551af5536442fc40d6 |
|
firefox-debugsource-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 2bea65c9007acd30b8656bf1b738a3f42d59a572ccbf6afb90e2c3ff4005221d |
|
firefox-x11-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 59665eecb2bdb510c16399b98b1cfeda4efbe039af15c43581720629aa21cad7 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| ppc64le |
|
firefox-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 055b8fc6558d424d46da55d3c9b5c8b3b34701e89dfe926e48aa2e3dd756d2db |
|
firefox-debuginfo-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 183f8212e8047e6c95b6e35bac189d6bb5bb2e8cbb4160551af5536442fc40d6 |
|
firefox-debugsource-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 2bea65c9007acd30b8656bf1b738a3f42d59a572ccbf6afb90e2c3ff4005221d |
|
firefox-x11-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 59665eecb2bdb510c16399b98b1cfeda4efbe039af15c43581720629aa21cad7 |
Red Hat Enterprise Linux for ARM 64 9
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| aarch64 |
|
firefox-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: c34da769ca2557e6dfb50fb2031511a35ca6dee5b3e36f4c027ef230ee4fbbf0 |
|
firefox-debuginfo-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: b4b3800a3ea33dc1221a41d45d5774dd40001ac36cba70c64df90b53d148c702 |
|
firefox-debugsource-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 448e5ada6e6993ca7169aa83d39d492917149fc8da993d38bc2ada68c07681df |
|
firefox-x11-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 8a88b069a67abced06d5d1b14ac618b83abd09ebe26d66137bdda03f1692928b |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| aarch64 |
|
firefox-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: c34da769ca2557e6dfb50fb2031511a35ca6dee5b3e36f4c027ef230ee4fbbf0 |
|
firefox-debuginfo-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: b4b3800a3ea33dc1221a41d45d5774dd40001ac36cba70c64df90b53d148c702 |
|
firefox-debugsource-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 448e5ada6e6993ca7169aa83d39d492917149fc8da993d38bc2ada68c07681df |
|
firefox-x11-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 8a88b069a67abced06d5d1b14ac618b83abd09ebe26d66137bdda03f1692928b |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| ppc64le |
|
firefox-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 055b8fc6558d424d46da55d3c9b5c8b3b34701e89dfe926e48aa2e3dd756d2db |
|
firefox-debuginfo-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 183f8212e8047e6c95b6e35bac189d6bb5bb2e8cbb4160551af5536442fc40d6 |
|
firefox-debugsource-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 2bea65c9007acd30b8656bf1b738a3f42d59a572ccbf6afb90e2c3ff4005221d |
|
firefox-x11-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 59665eecb2bdb510c16399b98b1cfeda4efbe039af15c43581720629aa21cad7 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| x86_64 |
|
firefox-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a223a579d557d997aa51f2010d4b962fa47476fd70ca2cfc32a34a44d9bfe95e |
|
firefox-debuginfo-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: fe4e84444f6fd18148c6c0cd33e0c21a608fd42ebcaf3af4b0613de5fc02be02 |
|
firefox-debugsource-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a093465066cd44ac8e1299c2cafd9351bf4c92d7bd7fcccfa0f6819bea9b3ed9 |
|
firefox-x11-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: f24043bba3fdd8f251408739d6a3b280fac42b4d932f65319982b4ecbc0cbcc0 |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| aarch64 |
|
firefox-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: c34da769ca2557e6dfb50fb2031511a35ca6dee5b3e36f4c027ef230ee4fbbf0 |
|
firefox-debuginfo-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: b4b3800a3ea33dc1221a41d45d5774dd40001ac36cba70c64df90b53d148c702 |
|
firefox-debugsource-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 448e5ada6e6993ca7169aa83d39d492917149fc8da993d38bc2ada68c07681df |
|
firefox-x11-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 8a88b069a67abced06d5d1b14ac618b83abd09ebe26d66137bdda03f1692928b |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| s390x |
|
firefox-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 52300be7826000c8bb2225d525978f5b709dcf72642ca3a5343ff272dd60fea8 |
|
firefox-debuginfo-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 3324a338ba3ae0db65b0cd832db08f5096fa4a757aa42f75cdf4e3f1e90fe441 |
|
firefox-debugsource-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 362ed9c92069db864720dcb148cd6d6561fcf1151b8ddea8d17c72a3e832a714 |
|
firefox-x11-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 8032d9c473ef493bfbd121fc474385433de4cf156a7c538927d46b7edeeccadf |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| x86_64 |
|
firefox-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a223a579d557d997aa51f2010d4b962fa47476fd70ca2cfc32a34a44d9bfe95e |
|
firefox-debuginfo-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: fe4e84444f6fd18148c6c0cd33e0c21a608fd42ebcaf3af4b0613de5fc02be02 |
|
firefox-debugsource-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: a093465066cd44ac8e1299c2cafd9351bf4c92d7bd7fcccfa0f6819bea9b3ed9 |
|
firefox-x11-140.7.0-1.el9_7.x86_64.rpm
|
SHA-256: f24043bba3fdd8f251408739d6a3b280fac42b4d932f65319982b4ecbc0cbcc0 |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| aarch64 |
|
firefox-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: c34da769ca2557e6dfb50fb2031511a35ca6dee5b3e36f4c027ef230ee4fbbf0 |
|
firefox-debuginfo-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: b4b3800a3ea33dc1221a41d45d5774dd40001ac36cba70c64df90b53d148c702 |
|
firefox-debugsource-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 448e5ada6e6993ca7169aa83d39d492917149fc8da993d38bc2ada68c07681df |
|
firefox-x11-140.7.0-1.el9_7.aarch64.rpm
|
SHA-256: 8a88b069a67abced06d5d1b14ac618b83abd09ebe26d66137bdda03f1692928b |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| ppc64le |
|
firefox-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 055b8fc6558d424d46da55d3c9b5c8b3b34701e89dfe926e48aa2e3dd756d2db |
|
firefox-debuginfo-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 183f8212e8047e6c95b6e35bac189d6bb5bb2e8cbb4160551af5536442fc40d6 |
|
firefox-debugsource-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 2bea65c9007acd30b8656bf1b738a3f42d59a572ccbf6afb90e2c3ff4005221d |
|
firefox-x11-140.7.0-1.el9_7.ppc64le.rpm
|
SHA-256: 59665eecb2bdb510c16399b98b1cfeda4efbe039af15c43581720629aa21cad7 |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8
| SRPM |
|
firefox-140.7.0-1.el9_7.src.rpm
|
SHA-256: ad1e2c1df7bfa90295c2f0bd260a72304080a3e1d61602dab7f858114c1554a1 |
| s390x |
|
firefox-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 52300be7826000c8bb2225d525978f5b709dcf72642ca3a5343ff272dd60fea8 |
|
firefox-debuginfo-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 3324a338ba3ae0db65b0cd832db08f5096fa4a757aa42f75cdf4e3f1e90fe441 |
|
firefox-debugsource-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 362ed9c92069db864720dcb148cd6d6561fcf1151b8ddea8d17c72a3e832a714 |
|
firefox-x11-140.7.0-1.el9_7.s390x.rpm
|
SHA-256: 8032d9c473ef493bfbd121fc474385433de4cf156a7c538927d46b7edeeccadf |
