Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Mageia Firefox Critical Security Flaws Advisory 2026-0242 CVE-2026-12289

mageia
Calendar Grey July 13, 2026
Dist Mageia Esm H88
This advisory outlines critical security flaws in Firefox affecting Mageia versions, including privilege escalations and memory safety issues.
Security update

Summary

Description: The updated packages fix security vulnerabilities: Privilege escalation in the Graphics: WebRender component. (CVE-2026-12289) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12290) Use-after-free in the Networking: HTTP component. (CVE-2026-12291) Incorrect boundary conditions in the Web Audio component. (CVE-2026-12292) Sandbox escape in the DOM: Workers component. (CVE-2026-12294) Sandbox escape in the DOM: Navigation component. (CVE-2026-12295) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12298) Sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12296) Sandbox escape due to incorrect boundary conditions in the Networking component. (CVE-2026-12297) JIT miscompilation in the DOM: Core & HTML component. (CVE-2026-12299) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12329) Mitigation bypass in the DOM: Security component. (CVE-2026-12302) Same-origin policy bypass in the Networking: Cookies component. (CVE-2026-12304...

References

- https://bugs.mageia.org/show_bug.cgi?id=35715

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_125.html

- https://www.firefox.com/en-US/firefox/140.12.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/

- https://www.cve.org/CVERecord?id=CVE-2026-12289

- https://www.cve.org/CVERecord?id=CVE-2026-12290

- https://www.cve.org/CVERecord?id=CVE-2026-12291

- https://www.cve.org/CVERecord?id=CVE-2026-12292

- https://www.cve.org/CVERecord?id=CVE-2026-12294

- https://www.cve.org/CVERecord?id=CVE-2026-12295

- https://www.cve.org/CVERecord?id=CVE-2026-12296

- https://www.cve.org/CVERecord?id=CVE-2026-12297

- https://www.cve.org/CVERecord?id=CVE-2026-12298

- https://www.cve.org/CVERecord?id=CVE-2026-12299

- https://www.cve.org/CVERecord?id=CVE-2026-12302

- https://www.cve.org/CVERecord?id=CVE-2026-12304

- https://www.cve.org/CVERecord?id=CVE-2026-12305

- https://www.cve.org/CVERecord?id=CVE-2026-12306

- https://www.cve.org/CVERecord?id=CVE-2026-12307

- https://www.cve.org/CVERecord?id=CVE-2026-12308

- https://www.cve.org/CVERecord?id=CVE-2026-12309

- https://www.cve.org/CVERecord?id=CVE-2026-12310

- https://www.cve.org/CVERecord?id=CVE-2026-12311

- https://www.cve.org/CVERecord?id=CVE-2026-12312

- https://www.cve.org/CVERecord?id=CVE-2026-12313

- https://www.cve.org/CVERecord?id=CVE-2026-12314

- https://www.cve.org/CVERecord?id=CVE-2026-12315

- https://www.cve.org/CVERecord?id=CVE-2026-12324

- https://www.cve.org/CVERecord?id=CVE-2026-12325

- https://www.cve.org/CVERecord?id=CVE-2026-12327

- https://www.cve.org/CVERecord?id=CVE-2026-12328

- https://www.cve.org/CVERecord?id=CVE-2026-12329

- https://www.cve.org/CVERecord?id=CVE-2026-12330

Resolution

SRPMS

- 10/core/rootcerts-20260611.00-1.mga10

- 10/core/nss-3.125.0-1.mga10

- 10/core/firefox-140.12.0-1.mga10

- 10/core/firefox-l10n-140.12.0-1.mga10

- 9/core/rootcerts-20260611.00-1.mga9

- 9/core/nss-3.125.0-1.mga9

- 9/core/firefox-140.12.0-1.mga9

- 9/core/firefox-l10n-140.12.0-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 13 Jul 2026 
URL: https://advisories.mageia.org/MGASA-2026-0242.html
Type: security
CVE: CVE-2026-12289, CVE-2026-12290, CVE-2026-12291, CVE-2026-12292, CVE-2026-12294, CVE-2026-12295, CVE-2026-12296, CVE-2026-12297, CVE-2026-12298, CVE-2026-12299, CVE-2026-12302, CVE-2026-12304, CVE-2026-12305, CVE-2026-12306, CVE-2026-12307, CVE-2026-12308, CVE-2026-12309, CVE-2026-12310, CVE-2026-12311, CVE-2026-12312, CVE-2026-12313, CVE-2026-12314, CVE-2026-12315, CVE-2026-12324, CVE-2026-12325, CVE-2026-12327, CVE-2026-12328, CVE-2026-12329, CVE-2026-12330

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.