This Red Hat security advisory addresses multiple high-severity vulnerabilities in Firefox and Thunderbird, including memory safety bugs, an information disclosure flaw in the Audio/Video component, and a sandbox escape in the WebRTC networking component. Affected versions are Mozilla Firefox prior to 140.10.1 and 150.0.1, and Mozilla Thunderbird prior to 140.10.1 and 150.0.1, with specific earlier branches also impacted per NVD data. The fix requires updating to Firefox ESR 140.10.1, Firefox 150.0.1, Thunderbird ESR 140.10.1, or Thunderbird 150.0.1 as specified in the associated CVEs.
Red Hat Product Errata RHSA-2026:22410 - Security Advisory Issued: 2026-06-02 Updated: 2026-06-02 RHSA-2026:22410 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323) firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320) firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322) firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2463481 - CVE-2026-7323 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 BZ - 2463483 - CVE-2026-7320 firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component BZ - 2463484 - CVE-2026-7322 firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 BZ - 2463485 - CVE-2026-7321 firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component CVEs CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f x86_64 firefox-140.10.1-1.el9_2.x86_64.rpm SHA-256: 29a976eaf5d1ae0539909bc5554872faaf43334f1e388cb6ba634dea52668237 firefox-debuginfo-140.10.1-1.el9_2.x86_64.rpm SHA-256: c4e699a4656320fb4c4308a713fb4df131ff435dc3b8688aa84cb90fccb61b99 firefox-debugsource-140.10.1-1.el9_2.x86_64.rpm SHA-256: d49fd1f76e17638c1f3a77d54ddb6a285c736a8bd8ae3f3e778b8f2efda18441 firefox-x11-140.10.1-1.el9_2.x86_64.rpm SHA-256: bd12b867b5060fe17f99f1835a17561a6b5badba960a6f97ce311b57c6ea5648 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f ppc64le firefox-140.10.1-1.el9_2.ppc64le.rpm SHA-256: 3d9271cb4b2b81d0365ec89573fb33957d90756a48ce54b086b5bebdd770bb9f firefox-debuginfo-140.10.1-1.el9_2.ppc64le.rpm SHA-256: c6a77fddafc2fe53e114263c09ee2d34eac1ef0e250da935aed0421ba1028b6c firefox-debugsource-140.10.1-1.el9_2.ppc64le.rpm SHA-256: bcf19d8999e7f7de9cf76a1ee5248f268ac791ff9ffb7f42705007342adcb966 firefox-x11-140.10.1-1.el9_2.ppc64le.rpm SHA-256: 57d758d2e90fc86a8b43bcbcb8da07ab9aa3c4ac9679bf68a2a79e51adae62ed Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f x86_64 firefox-140.10.1-1.el9_2.x86_64.rpm SHA-256: 29a976eaf5d1ae0539909bc5554872faaf43334f1e388cb6ba634dea52668237 firefox-debuginfo-140.10.1-1.el9_2.x86_64.rpm SHA-256: c4e699a4656320fb4c4308a713fb4df131ff435dc3b8688aa84cb90fccb61b99 firefox-debugsource-140.10.1-1.el9_2.x86_64.rpm SHA-256: d49fd1f76e17638c1f3a77d54ddb6a285c736a8bd8ae3f3e778b8f2efda18441 firefox-x11-140.10.1-1.el9_2.x86_64.rpm SHA-256: bd12b867b5060fe17f99f1835a17561a6b5badba960a6f97ce311b57c6ea5648 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f aarch64 firefox-140.10.1-1.el9_2.aarch64.rpm SHA-256: 44d72c5465a9d0cb60134b6d2bdb4cb2f07787953fa3e626b48c96b82f2ed294 firefox-debuginfo-140.10.1-1.el9_2.aarch64.rpm SHA-256: fd3ba9a767b9f4e2e90f513199ec4c84a8c0eb4da517f6832bb528e7b1bdad2d firefox-debugsource-140.10.1-1.el9_2.aarch64.rpm SHA-256: e3ff71bc9a11a7bc2331aa6b553347e6f55f65a266abc3b6f68a4d4a2928fd84 firefox-x11-140.10.1-1.el9_2.aarch64.rpm SHA-256: c6b3e78008b22d516f76c150beb6b7179b4ddeb0f1818108921436d6827812ad Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f s390x firefox-140.10.1-1.el9_2.s390x.rpm SHA-256: e06a4e82ea82e63dd6ba06edff94113bff4ed24aabfaa4732aa96ad8b7dabfaf firefox-debuginfo-140.10.1-1.el9_2.s390x.rpm SHA-256: cff59e80f6d76ad0a227d5a17877c471d1b48e0ded69a0a22857a95439d306fe firefox-debugsource-140.10.1-1.el9_2.s390x.rpm SHA-256: 581bf6d36f859e0202569581c5da1662c572615030ef3db8bacc13f41c75f022 firefox-x11-140.10.1-1.el9_2.s390x.rpm SHA-256: 61aa3409942177b2a1639ae4dd6bd579f171eba67c8d5a52c52bdad62d696d10 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f x86_64 firefox-140.10.1-1.el9_2.x86_64.rpm SHA-256: 29a976eaf5d1ae0539909bc5554872faaf43334f1e388cb6ba634dea52668237 firefox-debuginfo-140.10.1-1.el9_2.x86_64.rpm SHA-256: c4e699a4656320fb4c4308a713fb4df131ff435dc3b8688aa84cb90fccb61b99 firefox-debugsource-140.10.1-1.el9_2.x86_64.rpm SHA-256: d49fd1f76e17638c1f3a77d54ddb6a285c736a8bd8ae3f3e778b8f2efda18441 firefox-x11-140.10.1-1.el9_2.x86_64.rpm SHA-256: bd12b867b5060fe17f99f1835a17561a6b5badba960a6f97ce311b57c6ea5648 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f aarch64 firefox-140.10.1-1.el9_2.aarch64.rpm SHA-256: 44d72c5465a9d0cb60134b6d2bdb4cb2f07787953fa3e626b48c96b82f2ed294 firefox-debuginfo-140.10.1-1.el9_2.aarch64.rpm SHA-256: fd3ba9a767b9f4e2e90f513199ec4c84a8c0eb4da517f6832bb528e7b1bdad2d firefox-debugsource-140.10.1-1.el9_2.aarch64.rpm SHA-256: e3ff71bc9a11a7bc2331aa6b553347e6f55f65a266abc3b6f68a4d4a2928fd84 firefox-x11-140.10.1-1.el9_2.aarch64.rpm SHA-256: c6b3e78008b22d516f76c150beb6b7179b4ddeb0f1818108921436d6827812ad Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f ppc64le firefox-140.10.1-1.el9_2.ppc64le.rpm SHA-256: 3d9271cb4b2b81d0365ec89573fb33957d90756a48ce54b086b5bebdd770bb9f firefox-debuginfo-140.10.1-1.el9_2.ppc64le.rpm SHA-256: c6a77fddafc2fe53e114263c09ee2d34eac1ef0e250da935aed0421ba1028b6c firefox-debugsource-140.10.1-1.el9_2.ppc64le.rpm SHA-256: bcf19d8999e7f7de9cf76a1ee5248f268ac791ff9ffb7f42705007342adcb966 firefox-x11-140.10.1-1.el9_2.ppc64le.rpm SHA-256: 57d758d2e90fc86a8b43bcbcb8da07ab9aa3c4ac9679bf68a2a79e51adae62ed Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM firefox-140.10.1-1.el9_2.src.rpm SHA-256: c6ff915ce08f5b7ef37a9a2aabe983ee9464a7701711ab8d54f992149ba7cf3f s390x firefox-140.10.1-1.el9_2.s390x.rpm SHA-256: e06a4e82ea82e63dd6ba06edff94113bff4ed24aabfaa4732aa96ad8b7dabfaf firefox-debuginfo-140.10.1-1.el9_2.s390x.rpm SHA-256: cff59e80f6d76ad0a227d5a17877c471d1b48e0ded69a0a22857a95439d306fe firefox-debugsource-140.10.1-1.el9_2.s390x.rpm SHA-256: 581bf6d36f859e0202569581c5da1662c572615030ef3db8bacc13f41c75f022 firefox-x11-140.10.1-1.el9_2.s390x.rpm SHA-256: 61aa3409942177b2a1639ae4dd6bd579f171eba67c8d5a52c52bdad62d696d10 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .