This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 140.7.0 ESR (bsc#1256340).
* MFSA 2026-03
* CVE-2026-0877: Mitigation bypass in the DOM: Security component
* CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the
Graphics: CanvasWebGL component
* CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the
Graphics component
* CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics
component
* CVE-2026-0882: Use-after-free in the IPC component
* CVE-2025-14327: Spoofing issue in the Downloads Panel component
* CVE-2026-0883: Information disclosure in the Networking component
* CVE-2026-0884: Use-after-free in the JavaScript Engine component
* CVE-2026-0885: Use-after-free in the JavaScript: GC component
* CVE-2026-0886: Incorrect boundary conditions in the Graphics component
* CVE-2026-0887: Clickjacking issue, information disclosure in the PDF...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-260=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-260=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-260=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-260=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-260=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-260=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-260=1
* SUSE Linux...
Read the Full Advisory* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.7.0-150200.152.216.1
* MozillaFirefox-debugsource-140.7.0-150200.152.216.1
* MozillaFirefox-translations-common-140.7.0-150200.152.216.1
* MozillaFirefox-140.7.0-150200.152.216.1
* MozillaFirefox-branding-upstream-140.7.0-150200.152.216.1
* MozillaFirefox-debuginfo-140.7.0-150200.152.216.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-140.7.0-150200.152.216.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.7.0-150200.152.216.1
* MozillaFirefox-debugsource-140.7.0-150200.152.216.1
* MozillaFirefox-translations-common-140.7.0-150200.152.216.1
* MozillaFirefox-140.7.0-150200.152.216.1
* MozillaFirefox-debuginfo-140.7.0-150200.152.216.1
* Desktop Applications Module 15-SP7 (noarch)
* MozillaFirefox-devel-140.7.0-150200.152.216.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
*...
Read the Full Advisory* bsc#1256340
## References:
* https://www.suse.com/security/cve/CVE-2025-14327.html
* https://www.suse.com/security/cve/CVE-2026-0877.html
* https://www.suse.com/security/cve/CVE-2026-0878.html
* https://www.suse.com/security/cve/CVE-2026-0879.html
* https://www.suse.com/security/cve/CVE-2026-0880.html
* https://www.suse.com/security/cve/CVE-2026-0882.html
* https://www.suse.com/security/cve/CVE-2026-0883.html
* https://www.suse.com/security/cve/CVE-2026-0884.html
* https://www.suse.com/security/cve/CVE-2026-0885.html
* https://www.suse.com/security/cve/CVE-2026-0886.html
* https://www.suse.com/security/cve/CVE-2026-0887.html
* https://www.suse.com/security/cve/CVE-2026-0890.html
* https://www.suse.com/security/cve/CVE-2026-0891.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256340
Get the latest Linux and open source security news straight to your inbox.