This Red Hat security advisory addresses multiple high-severity vulnerabilities in Firefox and Thunderbird, including memory safety bugs (CVE-2026-7323, CVSS 7.3), an information disclosure flaw in the Audio/Video component (CVE-2026-7320, CVSS 7.5), and a sandbox escape in the WebRTC Networking component (CVE-2026-7321). Affected versions include Firefox versions prior to 115.35.1, 140.10.1, and 150.0.1, as well as Thunderbird versions prior to 140.10.1 and 150.0.1, depending on the specific CVE. The fix requires updating to the patched versions specified for each vulnerability.
Red Hat Product Errata RHSA-2026:22409 - Security Advisory Issued: 2026-06-02 Updated: 2026-06-02 RHSA-2026:22409 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323) firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320) firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322) firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2463481 - CVE-2026-7323 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 BZ - 2463483 - CVE-2026-7320 firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component BZ - 2463484 - CVE-2026-7322 firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 BZ - 2463485 - CVE-2026-7321 firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component CVEs CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 x86_64 firefox-140.10.1-1.el9_6.x86_64.rpm SHA-256: 43123345892276eb9b386c1e109c350ad870dee2b671d4cb00b7bf08b8313e73 firefox-debuginfo-140.10.1-1.el9_6.x86_64.rpm SHA-256: d41ea274ec9321bfb8dc1a8736bef3b57bd3d14912efb32fbc318fe4fa555977 firefox-debugsource-140.10.1-1.el9_6.x86_64.rpm SHA-256: f6bd35e3418a3b9bebf3e6bf711b7fe8327d0ebf3672fc20fe19cd8f24d50a0b firefox-x11-140.10.1-1.el9_6.x86_64.rpm SHA-256: c149daf01a1ab6c864c92c88852a56285bcd775cb864ddfbc6485081365094f9 Red Hat Enterprise Linux Server - AUS 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 x86_64 firefox-140.10.1-1.el9_6.x86_64.rpm SHA-256: 43123345892276eb9b386c1e109c350ad870dee2b671d4cb00b7bf08b8313e73 firefox-debuginfo-140.10.1-1.el9_6.x86_64.rpm SHA-256: d41ea274ec9321bfb8dc1a8736bef3b57bd3d14912efb32fbc318fe4fa555977 firefox-debugsource-140.10.1-1.el9_6.x86_64.rpm SHA-256: f6bd35e3418a3b9bebf3e6bf711b7fe8327d0ebf3672fc20fe19cd8f24d50a0b firefox-x11-140.10.1-1.el9_6.x86_64.rpm SHA-256: c149daf01a1ab6c864c92c88852a56285bcd775cb864ddfbc6485081365094f9 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 s390x firefox-140.10.1-1.el9_6.s390x.rpm SHA-256: 6382bae4d8f470221b4d7ff81be513b47c1fe99e4d0c258bb8dcd7ae38d57095 firefox-debuginfo-140.10.1-1.el9_6.s390x.rpm SHA-256: e98b6b36df62ebfaaebf5151b62822c1d1a8b848305a28d8320fa33dbae06db7 firefox-debugsource-140.10.1-1.el9_6.s390x.rpm SHA-256: 83a53e535e2cedbeb02d22d930f095b65d7700e8660010cd5e5a0889dbb86fd6 firefox-x11-140.10.1-1.el9_6.s390x.rpm SHA-256: 6e211c88e9d1f42d47b7107cff1b4e3c36edf9c031f5e8797e795615cc8b9395 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 ppc64le firefox-140.10.1-1.el9_6.ppc64le.rpm SHA-256: 465e90017e1fc2bd46386863a66246909c108686b1443a4a40e2c582e70951f6 firefox-debuginfo-140.10.1-1.el9_6.ppc64le.rpm SHA-256: 94242ef8fd60d7b35b745035ed973c55655956eea8e47db6217d01254725a88b firefox-debugsource-140.10.1-1.el9_6.ppc64le.rpm SHA-256: fee6d47a0837dab9a0e6739c34711fe7b7cdb23cd1522d0f322da3d4d9f216d3 firefox-x11-140.10.1-1.el9_6.ppc64le.rpm SHA-256: 1b37fade5ce9fd02baf4a0c991fab38b7638e2c4ec05dd918049a5d71c2cf7cc Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 aarch64 firefox-140.10.1-1.el9_6.aarch64.rpm SHA-256: bf873698f130404cfc81fdfda4262936911a4722ec3a3b46b6084e24ccdf4b79 firefox-debuginfo-140.10.1-1.el9_6.aarch64.rpm SHA-256: 845a3550737caffc20b25bad54b14f433bb0f50860b404b6f9f19db363359bd6 firefox-debugsource-140.10.1-1.el9_6.aarch64.rpm SHA-256: caf14b853606add537da53391ea219f0898a4d8899ca1ea4b8b57e54c17d37c0 firefox-x11-140.10.1-1.el9_6.aarch64.rpm SHA-256: fd7cbb4952d5d475d3332b3e8f4fa9c31d9e0e9b0dd6eeec135d0947a57e26f0 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 ppc64le firefox-140.10.1-1.el9_6.ppc64le.rpm SHA-256: 465e90017e1fc2bd46386863a66246909c108686b1443a4a40e2c582e70951f6 firefox-debuginfo-140.10.1-1.el9_6.ppc64le.rpm SHA-256: 94242ef8fd60d7b35b745035ed973c55655956eea8e47db6217d01254725a88b firefox-debugsource-140.10.1-1.el9_6.ppc64le.rpm SHA-256: fee6d47a0837dab9a0e6739c34711fe7b7cdb23cd1522d0f322da3d4d9f216d3 firefox-x11-140.10.1-1.el9_6.ppc64le.rpm SHA-256: 1b37fade5ce9fd02baf4a0c991fab38b7638e2c4ec05dd918049a5d71c2cf7cc Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 x86_64 firefox-140.10.1-1.el9_6.x86_64.rpm SHA-256: 43123345892276eb9b386c1e109c350ad870dee2b671d4cb00b7bf08b8313e73 firefox-debuginfo-140.10.1-1.el9_6.x86_64.rpm SHA-256: d41ea274ec9321bfb8dc1a8736bef3b57bd3d14912efb32fbc318fe4fa555977 firefox-debugsource-140.10.1-1.el9_6.x86_64.rpm SHA-256: f6bd35e3418a3b9bebf3e6bf711b7fe8327d0ebf3672fc20fe19cd8f24d50a0b firefox-x11-140.10.1-1.el9_6.x86_64.rpm SHA-256: c149daf01a1ab6c864c92c88852a56285bcd775cb864ddfbc6485081365094f9 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 aarch64 firefox-140.10.1-1.el9_6.aarch64.rpm SHA-256: bf873698f130404cfc81fdfda4262936911a4722ec3a3b46b6084e24ccdf4b79 firefox-debuginfo-140.10.1-1.el9_6.aarch64.rpm SHA-256: 845a3550737caffc20b25bad54b14f433bb0f50860b404b6f9f19db363359bd6 firefox-debugsource-140.10.1-1.el9_6.aarch64.rpm SHA-256: caf14b853606add537da53391ea219f0898a4d8899ca1ea4b8b57e54c17d37c0 firefox-x11-140.10.1-1.el9_6.aarch64.rpm SHA-256: fd7cbb4952d5d475d3332b3e8f4fa9c31d9e0e9b0dd6eeec135d0947a57e26f0 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 s390x firefox-140.10.1-1.el9_6.s390x.rpm SHA-256: 6382bae4d8f470221b4d7ff81be513b47c1fe99e4d0c258bb8dcd7ae38d57095 firefox-debuginfo-140.10.1-1.el9_6.s390x.rpm SHA-256: e98b6b36df62ebfaaebf5151b62822c1d1a8b848305a28d8320fa33dbae06db7 firefox-debugsource-140.10.1-1.el9_6.s390x.rpm SHA-256: 83a53e535e2cedbeb02d22d930f095b65d7700e8660010cd5e5a0889dbb86fd6 firefox-x11-140.10.1-1.el9_6.s390x.rpm SHA-256: 6e211c88e9d1f42d47b7107cff1b4e3c36edf9c031f5e8797e795615cc8b9395 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 SRPM firefox-140.10.1-1.el9_6.src.rpm SHA-256: e23d3ba65687828ed6c23d861e3da825bbd9654a0facdc0ba67424ce341ddfe2 x86_64 firefox-140.10.1-1.el9_6.x86_64.rpm SHA-256: 43123345892276eb9b386c1e109c350ad870dee2b671d4cb00b7bf08b8313e73 firefox-debuginfo-140.10.1-1.el9_6.x86_64.rpm SHA-256: d41ea274ec9321bfb8dc1a8736bef3b57bd3d14912efb32fbc318fe4fa555977 firefox-debugsource-140.10.1-1.el9_6.x86_64.rpm SHA-256: f6bd35e3418a3b9bebf3e6bf711b7fe8327d0ebf3672fc20fe19cd8f24d50a0b firefox-x11-140.10.1-1.el9_6.x86_64.rpm SHA-256: c149daf01a1ab6c864c92c88852a56285bcd775c