This update for MozillaFirefox fixes the following issues
Updated to Firefox Extended Support Release 140.10.2 ESR (bsc#1264378,MFSA 2026-41):
- CVE-2026-8090: Use-after-free in the DOM: Networking component.
- CVE-2026-8091: Incorrect boundary conditions in the Audio/Video: Playback component.
- CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2.
- CVE-2026-8094: Other issue in the WebRTC component.
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-732=1
- openSUSE Leap 16.0:
MozillaFirefox-140.10.2-160000.1.1
MozillaFirefox-branding-upstream-140.10.2-160000.1.1
MozillaFirefox-devel-140.10.2-160000.1.2
MozillaFirefox-translations-common-140.10.2-160000.1.1
MozillaFirefox-translations-other-140.10.2-160000.1.1
* bsc#1264378
References:
* https://www.suse.com/security/cve/CVE-2026-8090.html
* https://www.suse.com/security/cve/CVE-2026-8091.html
* https://www.suse.com/security/cve/CVE-2026-8092.html
* https://www.suse.com/security/cve/CVE-2026-8094.html
Get the latest Linux and open source security news straight to your inbox.