This Red Hat advisory addresses three critical and high-severity vulnerabilities in Firefox, including a critical (CVSS 9.8) unspecified issue in WebRTC (CVE-2026-8094) and high-severity memory safety bugs (CVE-2026-8092) and a use-after-free in the DOM: Networking component (CVE-2026-8090). Affected versions vary per CVE, but include Firefox versions prior to 115.35.2, versions 140.0 through 140.10.2, and versions 150.0 through 150.0.2. The fix requires updating to Firefox version 140.10.2 for RHEL 10.0 EUS, or to versions 115.35.2, 140.10.2, or 150.0.2 as specified by the NVD data for each CVE.
Red Hat Product Errata RHSA-2026:24511 - Security Advisory Issued: 2026-06-08 Updated: 2026-06-08 RHSA-2026:24511 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): firefox: Other issue in the WebRTC component (CVE-2026-8094) firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2 (CVE-2026-8092) firefox: Use-after-free in the DOM: Networking component (CVE-2026-8090) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2467706 - CVE-2026-8094 firefox: thunderbird: Other issue in the WebRTC component BZ - 2467708 - CVE-2026-8092 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2 BZ - 2467709 - CVE-2026-8090 firefox: thunderbird: Use-after-free in the DOM: Networking component CVEs CVE-2026-8090 CVE-2026-8092 CVE-2026-8094 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 x86_64 firefox-140.10.2-1.el10_0.x86_64.rpm SHA-256: a2d6367fe33677533a8e84e7d65e8989124c06c8bbaabb450c3b6e1e2d3ec1ed firefox-debuginfo-140.10.2-1.el10_0.x86_64.rpm SHA-256: 7ca6b37b9e9e26741fd4ee5c00e2b44ce45d4ef928d0160e8a6b34ae4b7a1990 firefox-debugsource-140.10.2-1.el10_0.x86_64.rpm SHA-256: 248d399d5a741c3291e5d148943af8b065bc9ad6dfe5ee5169d2ac00be2d341c Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 s390x firefox-140.10.2-1.el10_0.s390x.rpm SHA-256: b47c2a88f22bd5c2049d71106c9bd393ea9fab2e85a1b3fdadad5b8a713e4a04 firefox-debuginfo-140.10.2-1.el10_0.s390x.rpm SHA-256: 7b6b68e82b9e96886f51aa803db1983506adc95ca7a470db1f8a928acbefee44 firefox-debugsource-140.10.2-1.el10_0.s390x.rpm SHA-256: 977be8e9d7198eb239140298bf3f0d3b666c388ce6852c50e5aba8f9d87f4f52 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 ppc64le firefox-140.10.2-1.el10_0.ppc64le.rpm SHA-256: be2def4c46c59ee0e065d1b7ffb0e259e1530c19d6d8e93dcc56494083e6dc54 firefox-debuginfo-140.10.2-1.el10_0.ppc64le.rpm SHA-256: 40f43209f17ae12f7cc5ebf1717a7be433fc16bf8849f6922a66f3009f964ec8 firefox-debugsource-140.10.2-1.el10_0.ppc64le.rpm SHA-256: 1a7140696b9d9a8d554cd574b8af0194019e887c8bdae47d7e98d2ff2e420459 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 aarch64 firefox-140.10.2-1.el10_0.aarch64.rpm SHA-256: 2e9f8db958f7f3ea0a1d0f786f851caad5384130bdd5416cb7a92718b5aee6f0 firefox-debuginfo-140.10.2-1.el10_0.aarch64.rpm SHA-256: 34154c338c9971b1cee7e30bf276ec79ff1a8e3739a8fad7817ed9733fdc0de2 firefox-debugsource-140.10.2-1.el10_0.aarch64.rpm SHA-256: 97dfa31a57c8b17d06648cd44afa122fd8a51e318f9166bf50b2d13dcdb21889 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 aarch64 firefox-140.10.2-1.el10_0.aarch64.rpm SHA-256: 2e9f8db958f7f3ea0a1d0f786f851caad5384130bdd5416cb7a92718b5aee6f0 firefox-debuginfo-140.10.2-1.el10_0.aarch64.rpm SHA-256: 34154c338c9971b1cee7e30bf276ec79ff1a8e3739a8fad7817ed9733fdc0de2 firefox-debugsource-140.10.2-1.el10_0.aarch64.rpm SHA-256: 97dfa31a57c8b17d06648cd44afa122fd8a51e318f9166bf50b2d13dcdb21889 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 s390x firefox-140.10.2-1.el10_0.s390x.rpm SHA-256: b47c2a88f22bd5c2049d71106c9bd393ea9fab2e85a1b3fdadad5b8a713e4a04 firefox-debuginfo-140.10.2-1.el10_0.s390x.rpm SHA-256: 7b6b68e82b9e96886f51aa803db1983506adc95ca7a470db1f8a928acbefee44 firefox-debugsource-140.10.2-1.el10_0.s390x.rpm SHA-256: 977be8e9d7198eb239140298bf3f0d3b666c388ce6852c50e5aba8f9d87f4f52 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 ppc64le firefox-140.10.2-1.el10_0.ppc64le.rpm SHA-256: be2def4c46c59ee0e065d1b7ffb0e259e1530c19d6d8e93dcc56494083e6dc54 firefox-debuginfo-140.10.2-1.el10_0.ppc64le.rpm SHA-256: 40f43209f17ae12f7cc5ebf1717a7be433fc16bf8849f6922a66f3009f964ec8 firefox-debugsource-140.10.2-1.el10_0.ppc64le.rpm SHA-256: 1a7140696b9d9a8d554cd574b8af0194019e887c8bdae47d7e98d2ff2e420459 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM firefox-140.10.2-1.el10_0.src.rpm SHA-256: 3ff84d6db6687f48cd9bd1adbff34eca64669f03884b305b081d089a33880869 x86_64 firefox-140.10.2-1.el10_0.x86_64.rpm SHA-256: a2d6367fe33677533a8e84e7d65e8989124c06c8bbaabb450c3b6e1e2d3ec1ed firefox-debuginfo-140.10.2-1.el10_0.x86_64.rpm SHA-256: 7ca6b37b9e9e26741fd4ee5c00e2b44ce45d4ef928d0160e8a6b34ae4b7a1990 firefox-debugsource-140.10.2-1.el10_0.x86_64.rpm SHA-256: 248d399d5a741c3291e5d148943af8b065bc9ad6dfe5ee5169d2ac00be2d341c The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .