{"id":"RLSA-2026:5930","summary":"Important: firefox security update","details":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)\n\n* firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)\n\n* firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)\n\n* firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)\n\n* firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)\n\n* firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)\n\n* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)\n\n* firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)\n\n* firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)\n\n* firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)\n\n* firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)\n\n* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)\n\n* firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)\n\n* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)\n\n* firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)\n\n* firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)\n\n* firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-04-07T12:30:25.029480Z","published":"2026-04-07T12:03:55.701474Z","upstream":["CVE-2026-4684","CVE-2026-4685","CVE-2026-4686","CVE-2026-4687","CVE-2026-4688","CVE-2026-4689","CVE-2026-4690","CVE-2026-4691","CVE-2026-4692","CVE-2026-4693","CVE-2026-4694","CVE-2026-4695","CVE-2026-4696","CVE-2026-4697","CVE-2026-4698","CVE-2026-4699","CVE-2026-4700","CVE-2026-4701","CVE-2026-4702","CVE-2026-4704","CVE-2026-4705","CVE-2026-4706","CVE-2026-4707","CVE-2026-4708","CVE-2026-4709","CVE-2026-4710","CVE-2026-4711","CVE-2026-4712","CVE-2026-4713","CVE-2026-4714","CVE-2026-4715","CVE-2026-4716","CVE-2026-4717","CVE-2026-4718","CVE-2026-4719","CVE-2026-4720","CVE-2026-4721"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:5930"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450728"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450733"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757"}],"affected":[{"package":{"name":"firefox","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/firefox?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:140.9.0-1.el9_7"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5930.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}