Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

SUSE MozillaFirefox Important Security Update 2026-1649-1

suse
Calendar Grey April 29, 2026
Scroller Suse
25 vulnerabilities fixed in important security update for MozillaFirefox on SUSE, addressing privilege escalation and memory safety.
An update that solves 25 vulnerabilities can now be installed.

Summary

## This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR (bsc#1262230, MFSA 2026-32): * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. * CVE-2026-6747: Use-after-free in the WebRTC component. * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component. * CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6752: Incorrect boundary conditions in the WebRTC component. * CVE-2026-6753: Incorrect boundary conditions in the WebRTC component.

References

* bsc#1262230

Cross-

* CVE-2026-6746

* CVE-2026-6747

* CVE-2026-6748

* CVE-2026-6749

* CVE-2026-6750

* CVE-2026-6751

* CVE-2026-6752

* CVE-2026-6753

* CVE-2026-6754

* CVE-2026-6757

* CVE-2026-6759

* CVE-2026-6761

* CVE-2026-6762

* CVE-2026-6763

* CVE-2026-6764

* CVE-2026-6765

* CVE-2026-6766

* CVE-2026-6767

* CVE-2026-6769

* CVE-2026-6770

* CVE-2026-6771

* CVE-2026-6772

* CVE-2026-6776

* CVE-2026-6785

* CVE-2026-6786

CVSS scores:

* CVE-2026-6746 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-6747 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-6748 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-6749 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1649-1
Release Date: 2026-04-28T18:52:37Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.