Red Hat Product Errata RHSA-2026:5931 - Security Advisory
Issued:
2026-03-26
Updated:
2026-03-26

RHSA-2026:5931 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)
  • firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)
  • firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)
  • firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)
  • firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)
  • firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)
  • firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)
  • firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)
  • firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)
  • firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)
  • firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)
  • firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)
  • firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)
  • firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)
  • firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)
  • firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)
  • firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)
  • firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)
  • firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)
  • firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)
  • firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)
  • firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64

Fixes

  • BZ - 2450710 - CVE-2026-4701 firefox: thunderbird: Use-after-free in the JavaScript Engine component
  • BZ - 2450711 - CVE-2026-4721 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
  • BZ - 2450712 - CVE-2026-4717 firefox: thunderbird: Privilege escalation in the Netmonitor component
  • BZ - 2450713 - CVE-2026-4688 firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
  • BZ - 2450714 - CVE-2026-4706 firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
  • BZ - 2450715 - CVE-2026-4695 firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component
  • BZ - 2450718 - CVE-2026-4689 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
  • BZ - 2450719 - CVE-2026-4698 firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component
  • BZ - 2450720 - CVE-2026-4716 firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
  • BZ - 2450721 - CVE-2026-4684 firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component
  • BZ - 2450722 - CVE-2026-4705 firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component
  • BZ - 2450723 - CVE-2026-4715 firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component
  • BZ - 2450724 - CVE-2026-4685 firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
  • BZ - 2450725 - CVE-2026-4714 firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component
  • BZ - 2450726 - CVE-2026-4709 firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component
  • BZ - 2450727 - CVE-2026-4710 firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component
  • BZ - 2450728 - CVE-2026-4712 firefox: thunderbird: Information disclosure in the Widget: Cocoa component
  • BZ - 2450729 - CVE-2026-4697 firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component
  • BZ - 2450730 - CVE-2026-4713 firefox: thunderbird: Incorrect boundary conditions in the Graphics component
  • BZ - 2450732 - CVE-2026-4690 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
  • BZ - 2450733 - CVE-2026-4711 firefox: thunderbird: Use-after-free in the Widget: Cocoa component
  • BZ - 2450734 - CVE-2026-4686 firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
  • BZ - 2450735 - CVE-2026-4708 firefox: thunderbird: Incorrect boundary conditions in the Graphics component
  • BZ - 2450738 - CVE-2026-4691 firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component
  • BZ - 2450739 - CVE-2026-4699 firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component
  • BZ - 2450740 - CVE-2026-4696 firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component
  • BZ - 2450741 - CVE-2026-4693 firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component
  • BZ - 2450742 - CVE-2026-4718 firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component
  • BZ - 2450744 - CVE-2026-4702 firefox: thunderbird: JIT miscompilation in the JavaScript Engine component
  • BZ - 2450746 - CVE-2026-4719 firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component
  • BZ - 2450747 - CVE-2026-4694 firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component
  • BZ - 2450748 - CVE-2026-4692 firefox: thunderbird: Sandbox escape in the Responsive Design Mode component
  • BZ - 2450751 - CVE-2026-4720 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
  • BZ - 2450752 - CVE-2026-4700 firefox: thunderbird: Mitigation bypass in the Networking: HTTP component
  • BZ - 2450755 - CVE-2026-4707 firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
  • BZ - 2450756 - CVE-2026-4704 firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component
  • BZ - 2450757 - CVE-2026-4687 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component

Red Hat Enterprise Linux for x86_64 10

SRPM
firefox-140.9.0-1.el10_1.src.rpm SHA-256: 426ccfc88323e10c7599c6e47a8e31baf74d8885a90c1666e3503951c494e676
x86_64
firefox-140.9.0-1.el10_1.x86_64.rpm SHA-256: b8a0952b4055eefaa6ddcf9f24113c3acbba36bad69285bbdb3e7205b662c578
firefox-debuginfo-140.9.0-1.el10_1.x86_64.rpm SHA-256: fa7863d2a19689ec46d711b60d3d7b329d0c0be5b6f0a478d26ebd7451a85455
firefox-debugsource-140.9.0-1.el10_1.x86_64.rpm SHA-256: 762fbefe2b9007a44804a9d6b33fe2a519ec36ae8621fab52f4043713d062649

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
firefox-140.9.0-1.el10_1.src.rpm SHA-256: 426ccfc88323e10c7599c6e47a8e31baf74d8885a90c1666e3503951c494e676
s390x
firefox-140.9.0-1.el10_1.s390x.rpm SHA-256: b60940fb747e296988c9f7a46ff5c830034ff68743593ae3bfbc8fa54c7c9532
firefox-debuginfo-140.9.0-1.el10_1.s390x.rpm SHA-256: 3dbde99a5c5da580c82a18e54be2d09d25f2652e6349d5726fb92ff18246393f
firefox-debugsource-140.9.0-1.el10_1.s390x.rpm SHA-256: d2fd9b745aeecfda663290215901d3f31cfd531df71c2db56d40ebae89761a41

Red Hat Enterprise Linux for Power, little endian 10

SRPM
firefox-140.9.0-1.el10_1.src.rpm SHA-256: 426ccfc88323e10c7599c6e47a8e31baf74d8885a90c1666e3503951c494e676
ppc64le
firefox-140.9.0-1.el10_1.ppc64le.rpm SHA-256: 829d18fefd144832980e7e23fe8eb1597e204198e5eb291b7f118b51adacd281
firefox-debuginfo-140.9.0-1.el10_1.ppc64le.rpm SHA-256: 3bbc8b7cc7c70ec518f07242ac0b081aae6a958700fe0df7de78dce8d30817d2
firefox-debugsource-140.9.0-1.el10_1.ppc64le.rpm SHA-256: 14280ba132baa9afd274319c1e722478846592ea55c74d0760d6951248f63fac

Red Hat Enterprise Linux for ARM 64 10

SRPM
firefox-140.9.0-1.el10_1.src.rpm SHA-256: 426ccfc88323e10c7599c6e47a8e31baf74d8885a90c1666e3503951c494e676
aarch64
firefox-140.9.0-1.el10_1.aarch64.rpm SHA-256: 4f08f7823b3c67dd677f98f8e1c8525f7eefae2a4588603e495e1cbb0a89696b
firefox-debuginfo-140.9.0-1.el10_1.aarch64.rpm SHA-256: fd5335dcbdd83e6b422d04313551cf3160656dfee8259504560f49d2d9a56f34
firefox-debugsource-140.9.0-1.el10_1.aarch64.rpm SHA-256: 3ed526d1d5d56c76ca1a4df5a111f36cbe4ab6032a4c92bdc29e91cd9956cabd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.