{"id":"ALSA-2026:21378","summary":"Important: firefox security update","details":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)\n  * firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)\n  * firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)\n  * firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)\n  * firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)\n  * firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)\n  * firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)\n  * firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)\n  * firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)\n  * firefox: Privilege escalation in the Security component (CVE-2026-8970)\n  * firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)\n  * firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)\n  * firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)\n  * firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-05-29T13:44:13.983499949Z","published":"2026-05-27T00:00:00Z","related":["CVE-2026-8388","CVE-2026-8391","CVE-2026-8401","CVE-2026-8946","CVE-2026-8947","CVE-2026-8950","CVE-2026-8953","CVE-2026-8954","CVE-2026-8955","CVE-2026-8956","CVE-2026-8957","CVE-2026-8958","CVE-2026-8961","CVE-2026-8962","CVE-2026-8968","CVE-2026-8970","CVE-2026-8974","CVE-2026-8975"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8388"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8391"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8401"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8946"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8947"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8950"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8953"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8954"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8955"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8956"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8957"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8958"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8961"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8962"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8968"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8970"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8974"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8975"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2476469"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2476475"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2476492"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479839"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479840"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479842"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479846"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479847"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479848"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479849"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479852"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479853"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479855"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479860"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479871"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479873"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479876"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2479880"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2026-21378.html"}],"affected":[{"package":{"name":"firefox","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/firefox"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.11.0-1.el9_8.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21378.json"}},{"package":{"name":"firefox-x11","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/firefox-x11"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.11.0-1.el9_8.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21378.json"}}],"schema_version":"1.7.5"}