SUSE alert openSUSE-SU-2026:20621-1 (firefox)
From: null@suse.de
To: security-announce@lists.opensuse.org
Subject: openSUSE-SU-2026:20621-1: important: Security update for MozillaFirefox
Date: Mon, 27 Apr 2026 17:52:20 +0200
Message-ID: <20260427155220.64A4FFCE1@maintenance.suse.de>

openSUSE security update: Security update for MozillaFirefox
-------------------------------------------------------------

Announcement ID:    openSUSE-SU-2026:20621-1
Rating:             important
References:

  * bsc#1262230

Cross-References:

  * CVE-2026-6746
  * CVE-2026-6747
  * CVE-2026-6748
  * CVE-2026-6749
  * CVE-2026-6750
  * CVE-2026-6751
  * CVE-2026-6752
  * CVE-2026-6753
  * CVE-2026-6754
  * CVE-2026-6757
  * CVE-2026-6759
  * CVE-2026-6761
  * CVE-2026-6762
  * CVE-2026-6763
  * CVE-2026-6764
  * CVE-2026-6765
  * CVE-2026-6766
  * CVE-2026-6767
  * CVE-2026-6769
  * CVE-2026-6770
  * CVE-2026-6771
  * CVE-2026-6772
  * CVE-2026-6776
  * CVE-2026-6785
  * CVE-2026-6786

Affected Products:

  openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 25 vulnerabilities and has one bug fix can now be installed.

Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.10.0 ESR.

- MFSA 2026-32 (bsc#1262230):

  * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
  * CVE-2026-6747: Use-after-free in the WebRTC component
  * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component
  * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
  * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component
  * CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component
  * CVE-2026-6752: Incorrect boundary conditions in the WebRTC component
  * CVE-2026-6753: Incorrect boundary conditions in the WebRTC component
  * CVE-2026-6754: Use-after-free in the JavaScript Engine component
  * CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component
  * CVE-2026-6759: Use-after-free in the Widget: Cocoa component
  * CVE-2026-6761: Privilege escalation in the Networking component
  * CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component
  * CVE-2026-6763: Mitigation bypass in the File Handling component
  * CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component
  * CVE-2026-6765: Information disclosure in the Form Autofill component
  * CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS
  * CVE-2026-6767: Other issue in the Libraries component in NSS
  * CVE-2026-6769: Privilege escalation in the Debugger component
  * CVE-2026-6770: Other issue in the Storage: IndexedDB component
  * CVE-2026-6771: Mitigation bypass in the DOM: Security component
  * CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS
  * CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component
  * CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
  * CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  - openSUSE Leap 16.0

      zypper in -t patch openSUSE-Leap-16.0-635=1

Package List:

  - openSUSE Leap 16.0:

      MozillaFirefox-140.10.0-160000.1.1
      MozillaFirefox-branding-upstream-140.10.0-160000.1.1
      MozillaFirefox-devel-140.10.0-160000.1.1
      MozillaFirefox-translations-common-140.10.0-160000.1.1
      MozillaFirefox-translations-other-140.10.0-160000.1.1

References:

  * https://www.suse.com/security/cve/CVE-2026-6746.html
  * https://www.suse.com/security/cve/CVE-2026-6747.html
  * https://www.suse.com/security/cve/CVE-2026-6748.html
  * https://www.suse.com/security/cve/CVE-2026-6749.html
  * https://www.suse.com/security/cve/CVE-2026-6750.html
  * https://www.suse.com/security/cve/CVE-2026-6751.html
  * https://www.suse.com/security/cve/CVE-2026-6752.html
  * https://www.suse.com/security/cve/CVE-2026-6753.html
  * https://www.suse.com/security/cve/CVE-2026-6754.html
  * https://www.suse.com/security/cve/CVE-2026-6757.html
  * https://www.suse.com/security/cve/CVE-2026-6759.html
  * https://www.suse.com/security/cve/CVE-2026-6761.html
  * https://www.suse.com/security/cve/CVE-2026-6762.html
  * https://www.suse.com/security/cve/CVE-2026-6763.html
  * https://www.suse.com/security/cve/CVE-2026-6764.html
  * https://www.suse.com/security/cve/CVE-2026-6765.html
  * https://www.suse.com/security/cve/CVE-2026-6766.html
  * https://www.suse.com/security/cve/CVE-2026-6767.html
  * https://www.suse.com/security/cve/CVE-2026-6769.html
  * https://www.suse.com/security/cve/CVE-2026-6770.html
  * https://www.suse.com/security/cve/CVE-2026-6771.html
  * https://www.suse.com/security/cve/CVE-2026-6772.html
  * https://www.suse.com/security/cve/CVE-2026-6776.html
  * https://www.suse.com/security/cve/CVE-2026-6785.html
  * https://www.suse.com/security/cve/CVE-2026-6786.html
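
Added example, not part of the SUSE announcement: a post-patch check that flags hosts whose MozillaFirefox packages are still older than the fixed 140.10.0-160000.1.1 from the package list above. The host names and the inventory lines are constructed, and the comparison is a simplified rpmvercmp (no epoch, `~` or `^` handling), which is enough for these version strings.

```python
import re

# Fixed version-release and package names, taken from the advisory's package list.
FIXED_EVR = "140.10.0-160000.1.1"
PACKAGES = {"MozillaFirefox" + s for s in (
    "", "-branding-upstream", "-devel", "-translations-common", "-translations-other")}

def _segcmp(a, b):
    """Compare segment by segment (simplified rpmvercmp, assumption: no ~ or ^)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 10 > 9, unlike a plain string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _segcmp(va, vb) or _segcmp(ra, rb)

def unpatched(inventory):
    """Return sorted (host, package, installed) tuples older than FIXED_EVR."""
    stale = []
    for line in inventory.strip().splitlines():
        host, name, evr = line.split()
        if name in PACKAGES and evr_cmp(evr, FIXED_EVR) < 0:
            stale.append((host, name, evr))
    return sorted(stale)

# Constructed sample, one "<host> <name> <version>-<release>" per line, as could be
# collected per host with: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <package>
SAMPLE = """
ws-01 MozillaFirefox 140.9.0-160000.1.1
ws-01 MozillaFirefox-translations-common 140.9.0-160000.1.1
ws-02 MozillaFirefox 140.10.0-160000.1.1
ws-03 MozillaFirefox 140.10.0-160000.2.1
ws-04 MozillaThunderbird 140.9.0-160000.1.1
"""

if __name__ == "__main__":
    for host, name, evr in unpatched(SAMPLE):
        print(f"{host}: {name} {evr} is older than {FIXED_EVR}")
```

A lexical string comparison would rank 140.9.0 above 140.10.0 and miss the unpatched host, which is why the segments are compared numerically.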
