Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 140.8.0 ESR (bsc#1258568)
- CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component
- CVE-2026-2758: Use-after-free in the JavaScript: GC component
- CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component
- CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
- CVE-2026-2761: Sandbox escape in the Graphics: WebRender component
- CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component
- CVE-2026-2763: Use-after-free in the JavaScript Engine component
- CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
- CVE-2026-2765: Use-after-free in the JavaScript Engine component
- CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component
- CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component
- CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component
- CVE-2026-2769: Use-after-free in the Storage: IndexedDB component
- CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component
- CVE-2026-2771: Undefined behavior in the DOM: Core HTML component
- CVE-2026-2772: Use-after-free in the Audio/Video: Playback component
- CVE-2026-2773: Incorrect boundary conditions in the Web Audio component
- CVE-2026-2774: Integer overflow in the Audio/Video component
- CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component
- CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
- CVE-2026-2777: Privilege escalation in the Messaging System component
- CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core HTML component
- CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component
- CVE-2026-2780: Privilege escalation in the Netmonitor component
- CVE-2026-2781: Integer overflow in the Libraries component in NSS
- CVE-2026-2782: Privilege escalation in the Netmonitor component
- CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
- CVE-2026-2784: Mitigation bypass in the DOM: Security component
- CVE-2026-2785: Invalid pointer in the JavaScript Engine component
- CVE-2026-2786: Use-after-free in the JavaScript Engine component
- CVE-2026-2787: Use-after-free in the DOM: Window and Location component
- CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component
- CVE-2026-2789: Use-after-free in the Graphics: ImageLib component
- CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component
- CVE-2026-2791: Mitigation bypass in the Networking: Cache component
- CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
- CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1258568
- SUSE CVE CVE-2026-2757 page
- SUSE CVE CVE-2026-2758 page
- SUSE CVE CVE-2026-2759 page
- SUSE CVE CVE-2026-2760 page
- SUSE CVE CVE-2026-2761 page
- SUSE CVE CVE-2026-2762 page
- SUSE CVE CVE-2026-2763 page
- SUSE CVE CVE-2026-2764 page
- SUSE CVE CVE-2026-2765 page
- SUSE CVE CVE-2026-2766 page
- SUSE CVE CVE-2026-2767 page
- SUSE CVE CVE-2026-2768 page
- SUSE CVE CVE-2026-2769 page
- SUSE CVE CVE-2026-2770 page
- SUSE CVE CVE-2026-2771 page
- SUSE CVE CVE-2026-2772 page
- SUSE CVE CVE-2026-2773 page
- SUSE CVE CVE-2026-2774 page
Описание
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2757
- SUSE Bug 1258568
Описание
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2758
- SUSE Bug 1258568
Описание
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2759
- SUSE Bug 1258568
Описание
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2760
- SUSE Bug 1258568
Описание
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2761
- SUSE Bug 1258568
Описание
Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2762
- SUSE Bug 1258568
Описание
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2763
- SUSE Bug 1258568
Описание
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2764
- SUSE Bug 1258568
Описание
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2765
- SUSE Bug 1258568
Описание
Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2766
- SUSE Bug 1258568
Описание
Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2767
- SUSE Bug 1258568
Описание
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2768
- SUSE Bug 1258568
Описание
Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2769
- SUSE Bug 1258568
Описание
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2770
- SUSE Bug 1258568
Описание
Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2771
- SUSE Bug 1258568
Описание
Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2772
- SUSE Bug 1258568
Описание
Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2773
- SUSE Bug 1258568
Описание
Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2774
- SUSE Bug 1258568
Описание
Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2775
- SUSE Bug 1258568
Описание
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2776
- SUSE Bug 1258568
Описание
Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2777
- SUSE Bug 1258568
Описание
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2778
- SUSE Bug 1258568
Описание
Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2779
- SUSE Bug 1258568
Описание
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2780
- SUSE Bug 1258568
Описание
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2781
- SUSE Bug 1258568
Описание
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2782
- SUSE Bug 1258568
Описание
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2783
- SUSE Bug 1258568
Описание
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2784
- SUSE Bug 1258568
Описание
Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2785
- SUSE Bug 1258568
Описание
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2786
- SUSE Bug 1258568
Описание
Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2787
- SUSE Bug 1258568
Описание
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2788
- SUSE Bug 1258568
Описание
Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2789
- SUSE Bug 1258568
Описание
Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2790
- SUSE Bug 1258568
Описание
Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2791
- SUSE Bug 1258568
Описание
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2792
- SUSE Bug 1258568
Описание
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Затронутые продукты
Ссылки
- CVE-2026-2793
- SUSE Bug 1258568