[Apollo] Advisories Statistics light light Login

RLSA-2026:7672

Security Mirrored from RHSA-2026:7672
Issued at: 2026-04-15
Updated at: 2026-04-15

Synopsis

Important: firefox security update



Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)

* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2451819 2455897 2451805 2455908 2455901

CVEs

CVE-2026-33416 CVE-2026-33636 CVE-2026-5731 CVE-2026-5732 CVE-2026-5734

Affected packages

Rocky Linux 10 s390x - AppStream

firefox-debugsource-0:140.9.1-1.el10_1.s390x.rpm firefox-debuginfo-0:140.9.1-1.el10_1.s390x.rpm firefox-0:140.9.1-1.el10_1.s390x.rpm firefox-0:140.9.1-1.el10_1.src.rpm

Rocky Linux 10 ppc64le - AppStream

firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le.rpm firefox-0:140.9.1-1.el10_1.ppc64le.rpm firefox-0:140.9.1-1.el10_1.src.rpm firefox-debugsource-0:140.9.1-1.el10_1.ppc64le.rpm

Rocky Linux 10 aarch64 - AppStream

firefox-0:140.9.1-1.el10_1.aarch64.rpm firefox-0:140.9.1-1.el10_1.src.rpm firefox-debugsource-0:140.9.1-1.el10_1.aarch64.rpm firefox-debuginfo-0:140.9.1-1.el10_1.aarch64.rpm

Rocky Linux 10 x86_64 - AppStream

firefox-debugsource-0:140.9.1-1.el10_1.x86_64.rpm firefox-0:140.9.1-1.el10_1.x86_64.rpm firefox-debuginfo-0:140.9.1-1.el10_1.x86_64.rpm firefox-0:140.9.1-1.el10_1.src.rpm