{"schema_version": "1.7.0", "id": "RLSA-2026:3361", "modified": "2026-02-26T20:49:41.607688Z", "published": "2026-02-26T20:47:54.095478Z", "upstream": ["CVE-2026-2447", "CVE-2026-2757", "CVE-2026-2758", "CVE-2026-2759", "CVE-2026-2760", "CVE-2026-2761", "CVE-2026-2762", "CVE-2026-2763", "CVE-2026-2764", "CVE-2026-2765", "CVE-2026-2766", "CVE-2026-2767", "CVE-2026-2768", "CVE-2026-2769", "CVE-2026-2770", "CVE-2026-2771", "CVE-2026-2772", "CVE-2026-2773", "CVE-2026-2774", "CVE-2026-2775", "CVE-2026-2776", "CVE-2026-2777", "CVE-2026-2778", "CVE-2026-2779", "CVE-2026-2780", "CVE-2026-2781", "CVE-2026-2782", "CVE-2026-2783", "CVE-2026-2784", "CVE-2026-2785", "CVE-2026-2786", "CVE-2026-2787", "CVE-2026-2788", "CVE-2026-2789", "CVE-2026-2790", "CVE-2026-2791", "CVE-2026-2792", "CVE-2026-2793"], "summary": "Important: firefox security update", "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n\n* firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n\n* firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)\n\n* firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n\n* firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n\n* firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n\n* firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n\n* firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n\n* firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n\n* firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n\n* firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n\n* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n\n* firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n\n* firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n\n* firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n\n* firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n\n* firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n\n* firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n\n* firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n\n* firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n\n* firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n\n* firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n\n* firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n\n* firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n\n* firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n\n* firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)\n\n* firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n\n* firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n\n* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:10", "name": "firefox", "purl": "pkg:rpm/rocky-linux/firefox?distro=rocky-linux-10&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:140.8.0-2.el10_1"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:3361"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442331"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442337"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442322"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442295"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442292"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442343"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442290"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442307"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442316"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442304"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442328"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442318"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442342"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442288"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442325"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442320"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442291"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442314"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442312"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442297"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442324"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442319"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442327"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442300"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442313"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442284"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442287"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442308"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442298"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442294"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442333"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442309"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442334"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442329"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442326"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442302"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}