Red Hat Security Advisory: firefox security update
Multiple security vulnerabilities affecting Mozilla Firefox and Thunderbird have been addressed in Red Hat Enterprise Linux 8 updates. These include memory safety bugs, information disclosure due to incorrect boundary conditions in the Audio/Video component, and a sandbox escape vulnerability in the WebRTC networking component. The update fixes these issues in Firefox ESR 140. 10. 1 and Firefox 150. 0. 1, as well as Thunderbird ESR 140. 10. 1 and Thunderbird 150. 0.
AI Analysis
Technical Summary
This Red Hat security advisory addresses four vulnerabilities in Mozilla Firefox and Thunderbird packages distributed with Red Hat Enterprise Linux 8. The vulnerabilities include memory safety bugs (CVE-2026-7322, CVE-2026-7323), an information disclosure issue caused by incorrect boundary conditions in the Audio/Video component (CVE-2026-7320), and a sandbox escape vulnerability in the WebRTC networking component due to incorrect boundary conditions (CVE-2026-7321). These issues were fixed in Firefox ESR 140.10.1 and Firefox 150.0.1, and corresponding Thunderbird versions. The advisory provides updated packages for multiple architectures and extended life cycle versions. The vendor rates the security impact as Important and provides instructions for applying the update.
Potential Impact
The vulnerabilities fixed include memory safety bugs that could lead to crashes or potential code execution, information disclosure through incorrect boundary checks in audio/video processing, and a sandbox escape vulnerability in WebRTC networking. These issues could allow an attacker to bypass security boundaries or leak sensitive information. The Red Hat advisory classifies the overall impact as Important, indicating a high severity but not critical. There are no known exploits in the wild at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated Firefox and Thunderbird packages (version 140.10.1 and 150.0.1) that address these vulnerabilities. Users of Red Hat Enterprise Linux 8 and related distributions should apply these official patches as soon as possible. Detailed instructions for applying the update are available in the Red Hat advisory (https://access.redhat.com/articles/11258). Since official fixes are available, applying these updates is the recommended and effective mitigation.
Red Hat Security Advisory: firefox security update
Description
Multiple security vulnerabilities affecting Mozilla Firefox and Thunderbird have been addressed in Red Hat Enterprise Linux 8 updates. These include memory safety bugs, information disclosure due to incorrect boundary conditions in the Audio/Video component, and a sandbox escape vulnerability in the WebRTC networking component. The update fixes these issues in Firefox ESR 140. 10. 1 and Firefox 150. 0. 1, as well as Thunderbird ESR 140. 10. 1 and Thunderbird 150. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory addresses four vulnerabilities in Mozilla Firefox and Thunderbird packages distributed with Red Hat Enterprise Linux 8. The vulnerabilities include memory safety bugs (CVE-2026-7322, CVE-2026-7323), an information disclosure issue caused by incorrect boundary conditions in the Audio/Video component (CVE-2026-7320), and a sandbox escape vulnerability in the WebRTC networking component due to incorrect boundary conditions (CVE-2026-7321). These issues were fixed in Firefox ESR 140.10.1 and Firefox 150.0.1, and corresponding Thunderbird versions. The advisory provides updated packages for multiple architectures and extended life cycle versions. The vendor rates the security impact as Important and provides instructions for applying the update.
Potential Impact
The vulnerabilities fixed include memory safety bugs that could lead to crashes or potential code execution, information disclosure through incorrect boundary checks in audio/video processing, and a sandbox escape vulnerability in WebRTC networking. These issues could allow an attacker to bypass security boundaries or leak sensitive information. The Red Hat advisory classifies the overall impact as Important, indicating a high severity but not critical. There are no known exploits in the wild at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated Firefox and Thunderbird packages (version 140.10.1 and 150.0.1) that address these vulnerabilities. Users of Red Hat Enterprise Linux 8 and related distributions should apply these official patches as soon as possible. Detailed instructions for applying the update are available in the Red Hat advisory (https://access.redhat.com/articles/11258). Since official fixes are available, applying these updates is the recommended and effective mitigation.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19588
- Cve Count
- 4
- Additional Cves
- ["CVE-2026-7321","CVE-2026-7322","CVE-2026-7323"]
- Cvss Version
- null
Threat ID: 6a160980e29bf47b5064dc39
Added to database: 5/26/2026, 8:58:40 PM
Last enriched: 5/26/2026, 10:28:28 PM
Last updated: 5/27/2026, 4:56:47 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.