This advisory addresses three vulnerabilities in Mozilla Firefox for Red Hat Enterprise Linux 9.2, including a critical WebRTC component issue (CVE-2026-8094, CVSS 9.8), high-severity memory safety bugs (CVE-2026-8092, CVSS 8.1), and a high-severity use-after-free in the DOM: Networking component (CVE-2026-8090, CVSS 7.3). Affected versions are Firefox prior to 115.35.2, Firefox 140.x prior to 140.10.2, and Firefox 150.x prior to 150.0.2. The fix requires updating to Firefox version 140.10.2 for the RHEL 9.2 channel specified.
Red Hat Product Errata RHSA-2026:24509 - Security Advisory Issued: 2026-06-08 Updated: 2026-06-08 RHSA-2026:24509 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): firefox: Other issue in the WebRTC component (CVE-2026-8094) firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2 (CVE-2026-8092) firefox: Use-after-free in the DOM: Networking component (CVE-2026-8090) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2467706 - CVE-2026-8094 firefox: thunderbird: Other issue in the WebRTC component BZ - 2467708 - CVE-2026-8092 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2 BZ - 2467709 - CVE-2026-8090 firefox: thunderbird: Use-after-free in the DOM: Networking component CVEs CVE-2026-8090 CVE-2026-8092 CVE-2026-8094 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 x86_64 firefox-140.10.2-1.el9_2.x86_64.rpm SHA-256: c3fc98e97b9c0bb34aec7408f66198da5735f32c8879782f8744dd7f35fbc0e9 firefox-debuginfo-140.10.2-1.el9_2.x86_64.rpm SHA-256: 92ef85df6a3ee40879c85d08c82607ee158d6131947877d494f27a95da6bb82a firefox-debugsource-140.10.2-1.el9_2.x86_64.rpm SHA-256: 05b56ac4ea8ac6b86bc84842a3c6e108e4b4bdacbc215fcd8bb0f16a88bbe2e9 firefox-x11-140.10.2-1.el9_2.x86_64.rpm SHA-256: d4a23493f2c77b4e7d37a258dc84bfa2161bd157219061c139aadf977cef7b68 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 ppc64le firefox-140.10.2-1.el9_2.ppc64le.rpm SHA-256: a8d31307ebe52f45e93dedc3c1c2f30db0e057d191925e4aa2e9caae5c1057b5 firefox-debuginfo-140.10.2-1.el9_2.ppc64le.rpm SHA-256: b8eb622efd636187ef25ce0b8a0afaa3cc1e14339463032f825042bed1c168a6 firefox-debugsource-140.10.2-1.el9_2.ppc64le.rpm SHA-256: d11bf9a635da6e6fe74076236e67b1f5db8df7e81e22e46846618ad42da692b6 firefox-x11-140.10.2-1.el9_2.ppc64le.rpm SHA-256: 801fcd834ffee08df1349881cdfabee6dac453c9b6cb500a90c450232d5e7b81 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 x86_64 firefox-140.10.2-1.el9_2.x86_64.rpm SHA-256: c3fc98e97b9c0bb34aec7408f66198da5735f32c8879782f8744dd7f35fbc0e9 firefox-debuginfo-140.10.2-1.el9_2.x86_64.rpm SHA-256: 92ef85df6a3ee40879c85d08c82607ee158d6131947877d494f27a95da6bb82a firefox-debugsource-140.10.2-1.el9_2.x86_64.rpm SHA-256: 05b56ac4ea8ac6b86bc84842a3c6e108e4b4bdacbc215fcd8bb0f16a88bbe2e9 firefox-x11-140.10.2-1.el9_2.x86_64.rpm SHA-256: d4a23493f2c77b4e7d37a258dc84bfa2161bd157219061c139aadf977cef7b68 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 aarch64 firefox-140.10.2-1.el9_2.aarch64.rpm SHA-256: ee3c9d4071442195ed9fea468aa5a0fefc440ad87211f58de16cee451ed3d727 firefox-debuginfo-140.10.2-1.el9_2.aarch64.rpm SHA-256: 605deb7269dec68a344ad0b1ad720216e6744ef6e0d7319b9f3fb7eae3624813 firefox-debugsource-140.10.2-1.el9_2.aarch64.rpm SHA-256: 21db3a0225e04375fafe51cb4d27c0e41489fc225bd4adf6257baa16b9202b79 firefox-x11-140.10.2-1.el9_2.aarch64.rpm SHA-256: 682fc7dd8984930f5a73b9d726f8b6fb3b86a005ada90213578128f196224be9 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 s390x firefox-140.10.2-1.el9_2.s390x.rpm SHA-256: 83aad6ea2f2922d24a320ecddbc9632883b8a466db6261aba68bc0c9e0b55628 firefox-debuginfo-140.10.2-1.el9_2.s390x.rpm SHA-256: e897eb836f051d8c880f2cd7f3f71f57ec77f5a7094e588c1c2a40711c486ece firefox-debugsource-140.10.2-1.el9_2.s390x.rpm SHA-256: d80c25dd047b77fd8f086d861cb0cd4a4721bc42b981ae147f39fbbd46fb43ae firefox-x11-140.10.2-1.el9_2.s390x.rpm SHA-256: dbfd91f3c57fc5f7174bb0b7efe89f46462d626864de644350dda1fe6cbb3253 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 x86_64 firefox-140.10.2-1.el9_2.x86_64.rpm SHA-256: c3fc98e97b9c0bb34aec7408f66198da5735f32c8879782f8744dd7f35fbc0e9 firefox-debuginfo-140.10.2-1.el9_2.x86_64.rpm SHA-256: 92ef85df6a3ee40879c85d08c82607ee158d6131947877d494f27a95da6bb82a firefox-debugsource-140.10.2-1.el9_2.x86_64.rpm SHA-256: 05b56ac4ea8ac6b86bc84842a3c6e108e4b4bdacbc215fcd8bb0f16a88bbe2e9 firefox-x11-140.10.2-1.el9_2.x86_64.rpm SHA-256: d4a23493f2c77b4e7d37a258dc84bfa2161bd157219061c139aadf977cef7b68 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 aarch64 firefox-140.10.2-1.el9_2.aarch64.rpm SHA-256: ee3c9d4071442195ed9fea468aa5a0fefc440ad87211f58de16cee451ed3d727 firefox-debuginfo-140.10.2-1.el9_2.aarch64.rpm SHA-256: 605deb7269dec68a344ad0b1ad720216e6744ef6e0d7319b9f3fb7eae3624813 firefox-debugsource-140.10.2-1.el9_2.aarch64.rpm SHA-256: 21db3a0225e04375fafe51cb4d27c0e41489fc225bd4adf6257baa16b9202b79 firefox-x11-140.10.2-1.el9_2.aarch64.rpm SHA-256: 682fc7dd8984930f5a73b9d726f8b6fb3b86a005ada90213578128f196224be9 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 ppc64le firefox-140.10.2-1.el9_2.ppc64le.rpm SHA-256: a8d31307ebe52f45e93dedc3c1c2f30db0e057d191925e4aa2e9caae5c1057b5 firefox-debuginfo-140.10.2-1.el9_2.ppc64le.rpm SHA-256: b8eb622efd636187ef25ce0b8a0afaa3cc1e14339463032f825042bed1c168a6 firefox-debugsource-140.10.2-1.el9_2.ppc64le.rpm SHA-256: d11bf9a635da6e6fe74076236e67b1f5db8df7e81e22e46846618ad42da692b6 firefox-x11-140.10.2-1.el9_2.ppc64le.rpm SHA-256: 801fcd834ffee08df1349881cdfabee6dac453c9b6cb500a90c450232d5e7b81 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM firefox-140.10.2-1.el9_2.src.rpm SHA-256: b99b645c98eb5c3b9c9b4a7362555081395477e0a94f1aa32e555cebcd81dfb0 s390x firefox-140.10.2-1.el9_2.s390x.rpm SHA-256: 83aad6ea2f2922d24a320ecddbc9632883b8a466db6261aba68bc0c9e0b55628 firefox-debuginfo-140.10.2-1.el9_2.s390x.rpm SHA-256: e897eb836f051d8c880f2cd7f3f71f57ec77f5a7094e588c1c2a40711c486ece firefox-debugsource-140.10.2-1.el9_2.s390x.rpm SHA-256: d80c25dd047b77fd8f086d861cb0cd4a4721bc42b981ae147f39fbbd46fb43ae firefox-x11-140.10.2-1.el9_2.s390x.rpm SHA-256: dbfd91f3c57fc5f7174bb0b7efe89f46462d626864de644350dda1fe6cbb3253 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .