Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Mageia 9 Firefox Moderate LZ4 NULL Pointer Issues Fix MGASA-2026-0145

mageia
Calendar Grey May 16, 2026
Dist Mageia Esm H88
Updated Firefox and Thunderbird packages address multiple security issues in Mageia 9. Critical fixes for memory safety and DTD parsing.
MGASA-2026-0145 - Updated firefox & thunderbird packages fix security vulnerabilities

Summary

Description: LZ4 compression library issue. (CVE-2025-62813) libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776) libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777) libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. (CVE-2026-32778) Use-after-free in the DOM: Networking component. (CVE-2026-8090) Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2, Firefox 150.0.2, Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. (CVE-2026-8092) Another issue in the WebRTC component. (CVE-2026-8094)

References

- https://bugs.mageia.org/show_bug.cgi?id=35508

- https://www.firefox.com/en-US/firefox/140.10.2/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/140.10.2esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/

- https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8090

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8092

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8094

Resolution

SRPMS

- 9/core/firefox-140.10.2-1.mga9

- 9/core/firefox-l10n-140.10.2-1.mga9

- 9/core/thunderbird-140.10.2-1.mga9

- 9/core/thunderbird-l10n-140.10.2-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 16 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0145.html
Type: security
CVE: CVE-2025-62813, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8090, CVE-2026-8092, CVE-2026-8094

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here