Stay Secure with the Latest Linux Advisories

security advisoryupdateimportant

Ubuntu OS 22 Chromium Achieves Major Security Upgrade RLSA-2026-20989

Important: firefox security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:10766", "synopsis": "Important: firefox security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for firefox.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n\n* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n\n* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n\n* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n\n* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n\n* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n\n* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n\n* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n\n* firefox: thunderbird: Mitigation bypass in the FileHandling component (CVE-2026-6763)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n\n* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n\n* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n\n* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n\n* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2460074", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074", "description": ""}, {"ticket": "2460075", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075", "description": ""}, {"ticket": "2460076", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076", "description": ""}, {"ticket": "2460078", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078", "description": ""}, {"ticket": "2460079", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079", "description": ""}, {"ticket":"2460085", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085", "description": ""}, {"ticket": "2460086", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086", "description": ""}, {"ticket": "2460088", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088", "description": ""}, {"ticket": "2460092", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092", "description": ""}, {"ticket": "2460094", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460094", "description": ""}, {"ticket": "2460095", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095", "description": ""}, {"ticket": "2460096", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096", "description": ""}, {"ticket": "2460097", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097", "description": ""}, {"ticket": "2460099", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099", "description": ""}, {"ticket": "2460101", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101", "description": ""}, {"ticket": "2460102", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102", "description": ""}, {"ticket": "2460103", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103", "description": ""}, {"ticket": "2460104", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104", "description": ""}, {"ticket": "2460105", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105", "description": ""}, {"ticket": "2460106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106", "description": ""}, {"ticket": "2460107", "sourceBy": "Red Hat","sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460107", "description": ""}, {"ticket": "2460108", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108", "description": ""}, {"ticket": "2460109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109", "description": ""}, {"ticket": "2460110", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110", "description": ""}, {"ticket": "2460112", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112", "description": ""}], "cves": [{"name": "CVE-2026-6746", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6747", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6748", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6749", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6750", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-6751", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore":"7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6752", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-131"}, {"name": "CVE-2026-6753", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6754", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6757", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-823"}, {"name": "CVE-2026-6759", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6759", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-6761", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6762", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-1021"}, {"name": "CVE-2026-6763", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-66"}, {"name": "CVE-2026-6764", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-805"}, {"name": "CVE-2026-6765", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-359"}, {"name": "CVE-2026-6766", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-125"}, {"name": "CVE-2026-6767", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-676"}, {"name": "CVE-2026-6769", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6770", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-440"}, {"name": "CVE-2026-6771", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-358"}, {"name": "CVE-2026-6772", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-6776", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-6785", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6786", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-04-30T18:01:05.380956Z", "rpms": {"Rocky Linux 8": {"nvras": ["firefox-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-0:140.10.0-1.el8_10.src.rpm", "firefox-0:140.10.0-1.el8_10.x86_64.rpm", "firefox-debuginfo-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-debuginfo-0:140.10.0-1.el8_10.x86_64.rpm", "firefox-debugsource-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-debugsource-0:140.10.0-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Firefox security update issued for Rocky Linux 8 covering various important fixes. Immediate attention is recommended.. Rocky Linux, Firefox, CVSS, security update, vulnerability fixes. . Severity: Important. LinuxSecurity.com Team

Apr 30, 2026 •Important Rocky Linux