Red Hat Security Advisory: firefox security update
Multiple security vulnerabilities affecting Mozilla Firefox and Thunderbird have been addressed in Red Hat Enterprise Linux 9 updates. These include memory safety bugs, information disclosure due to incorrect boundary conditions in the Audio/Video component, and a sandbox escape vulnerability in the WebRTC networking component. The update fixes these issues in Firefox ESR 140. 10. 1 and Firefox 150. 0. 1, as well as Thunderbird ESR 140. 10. 1 and Thunderbird 150. 0.
AI Analysis
Technical Summary
This advisory covers four security vulnerabilities in Mozilla Firefox and Thunderbird as packaged for Red Hat Enterprise Linux 9. The issues include memory safety bugs (CVE-2026-7322, CVE-2026-7323), an information disclosure vulnerability caused by incorrect boundary conditions in the Audio/Video component (CVE-2026-7320), and a sandbox escape vulnerability due to incorrect boundary conditions in the WebRTC networking component (CVE-2026-7321). These vulnerabilities affect Firefox ESR 140.10.1, Firefox 150.0.1, Thunderbird ESR 140.10.1, and Thunderbird 150.0.1. Red Hat has released updated packages to fix these issues, which are available for multiple architectures including x86_64, s390x, ppc64le, and aarch64. The advisory references Red Hat's errata RHSA-2026:19370 and directs users to apply the updates as per Red Hat's guidance.
Potential Impact
The vulnerabilities include memory safety bugs that could lead to crashes or potential code execution, information disclosure from incorrect boundary checks in the Audio/Video component, and a sandbox escape vulnerability in the WebRTC networking component. These issues could compromise the confidentiality and integrity of user data or allow an attacker to escape sandbox restrictions. Red Hat classifies the security impact as Important (high severity). There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
Red Hat has released updated Firefox and Thunderbird packages (e.g., firefox-140.10.1-1.el9_8) that address these vulnerabilities. Users should apply these official updates promptly following Red Hat's published instructions at https://access.redhat.com/articles/11258. Since this is an on-premises product, remediation requires manual update by system administrators. No additional mitigations or workarounds are specified in the advisory.
Red Hat Security Advisory: firefox security update
Description
Multiple security vulnerabilities affecting Mozilla Firefox and Thunderbird have been addressed in Red Hat Enterprise Linux 9 updates. These include memory safety bugs, information disclosure due to incorrect boundary conditions in the Audio/Video component, and a sandbox escape vulnerability in the WebRTC networking component. The update fixes these issues in Firefox ESR 140. 10. 1 and Firefox 150. 0. 1, as well as Thunderbird ESR 140. 10. 1 and Thunderbird 150. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers four security vulnerabilities in Mozilla Firefox and Thunderbird as packaged for Red Hat Enterprise Linux 9. The issues include memory safety bugs (CVE-2026-7322, CVE-2026-7323), an information disclosure vulnerability caused by incorrect boundary conditions in the Audio/Video component (CVE-2026-7320), and a sandbox escape vulnerability due to incorrect boundary conditions in the WebRTC networking component (CVE-2026-7321). These vulnerabilities affect Firefox ESR 140.10.1, Firefox 150.0.1, Thunderbird ESR 140.10.1, and Thunderbird 150.0.1. Red Hat has released updated packages to fix these issues, which are available for multiple architectures including x86_64, s390x, ppc64le, and aarch64. The advisory references Red Hat's errata RHSA-2026:19370 and directs users to apply the updates as per Red Hat's guidance.
Potential Impact
The vulnerabilities include memory safety bugs that could lead to crashes or potential code execution, information disclosure from incorrect boundary checks in the Audio/Video component, and a sandbox escape vulnerability in the WebRTC networking component. These issues could compromise the confidentiality and integrity of user data or allow an attacker to escape sandbox restrictions. Red Hat classifies the security impact as Important (high severity). There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
Red Hat has released updated Firefox and Thunderbird packages (e.g., firefox-140.10.1-1.el9_8) that address these vulnerabilities. Users should apply these official updates promptly following Red Hat's published instructions at https://access.redhat.com/articles/11258. Since this is an on-premises product, remediation requires manual update by system administrators. No additional mitigations or workarounds are specified in the advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19370
- Cve Count
- 4
- Additional Cves
- ["CVE-2026-7321","CVE-2026-7322","CVE-2026-7323"]
- Cvss Version
- null
Threat ID: 6a16097de29bf47b50649deb
Added to database: 5/26/2026, 8:58:37 PM
Last enriched: 5/26/2026, 10:48:35 PM
Last updated: 5/27/2026, 4:54:10 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.