Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 113 articles for you...
100

SUSE Linux Enterprise 16 Kernel Important Security Update 2026-22031-1

An update that solves six vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22031-1 Release Date: 2026-06-01T20:59:02Z Rating: important References: * bsc#1259798 * bsc#1260563 * bsc#1260908 * bsc#1264096 * bsc#1265224 * bsc#1265384 Cross-References: * CVE-2025-54518 * CVE-2026-23243 * CVE-2026-23274 * CVE-2026-23317 * CVE-2026-46300 * CVE-2026-46333 CVSS scores: * CVE-2025-54518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-54518 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563). * CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224). * CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-853=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-853=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-11-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-11-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-debuginfo-11-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-11-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-11-160000.1.1 *kernel-livepatch-6_12_0-160000_6-default-debuginfo-11-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54518.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-46300.html * https://www.suse.com/security/cve/CVE-2026-46333.html * https://bugzilla.suse.com/show_bug.cgi?id=1259798 * https://bugzilla.suse.com/show_bug.cgi?id=1260563 * https://bugzilla.suse.com/show_bug.cgi?id=1260908 * https://bugzilla.suse.com/show_bug.cgi?id=1264096 * https://bugzilla.suse.com/show_bug.cgi?id=1265224 * https://bugzilla.suse.com/show_bug.cgi?id=1265384 . SUSE Linux kernel security update addresses six vulnerabilities, enhancing system integrity and protecting against exploits.. SUSE Linux Server, kernel patch, security update, exploit mitigation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important SuSE
219

Rocky Linux 9 Thunderbird Security Fix Release RLSA-2026-15903

Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:15892", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n\n* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n\n* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n\n* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n\n* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n\n* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n\n* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n\n* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n\n* firefox: thunderbird: Mitigation bypass in the File Handling component(CVE-2026-6763)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n\n* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n\n* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n\n* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n\n* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2460074", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074", "description": ""}, {"ticket": "2460075", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075", "description": ""}, {"ticket": "2460076", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076", "description": ""}, {"ticket": "2460078", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078", "description": ""}, {"ticket": "2460079", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079", "description": ""}, {"ticket": "2460085","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085", "description": ""}, {"ticket": "2460086", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086", "description": ""}, {"ticket": "2460088", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088", "description": ""}, {"ticket": "2460092", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092", "description": ""}, {"ticket": "2460094", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460094", "description": ""}, {"ticket": "2460095", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095", "description": ""}, {"ticket": "2460096", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096", "description": ""}, {"ticket": "2460097", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097", "description": ""}, {"ticket": "2460099", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099", "description": ""}, {"ticket": "2460101", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101", "description": ""}, {"ticket": "2460102", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102", "description": ""}, {"ticket": "2460103", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103", "description": ""}, {"ticket": "2460104", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104", "description": ""}, {"ticket": "2460105", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105", "description": ""}, {"ticket": "2460106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106", "description": ""}, {"ticket": "2460107", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107", "description": ""}, {"ticket": "2460108", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108", "description": ""}, {"ticket": "2460109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109", "description": ""}, {"ticket": "2460110", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110", "description": ""}, {"ticket": "2460112", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112", "description": ""}], "cves": [{"name": "CVE-2026-6746", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6747", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6748", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6749", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6750", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-6751", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe":"CWE-824"}, {"name": "CVE-2026-6752", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-131"}, {"name": "CVE-2026-6753", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6754", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6757", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-823"}, {"name": "CVE-2026-6759", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6759", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-6761", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6762", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-1021"}, {"name": "CVE-2026-6763", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-66"}, {"name": "CVE-2026-6764", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-805"}, {"name": "CVE-2026-6765", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-359"}, {"name": "CVE-2026-6766", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-125"}, {"name": "CVE-2026-6767", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-676"}, {"name": "CVE-2026-6769", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6770", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-440"}, {"name": "CVE-2026-6771", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-358"}, {"name": "CVE-2026-6772", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-6776", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-6785", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6786", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-05-13T12:03:42.485295Z", "rpms": {"Rocky Linux 9": {"nvras": ["thunderbird-0:140.10.0-1.el9_7.aarch64.rpm", "thunderbird-0:140.10.0-1.el9_7.ppc64le.rpm", "thunderbird-0:140.10.0-1.el9_7.s390x.rpm", "thunderbird-0:140.10.0-1.el9_7.src.rpm", "thunderbird-0:140.10.0-1.el9_7.x86_64.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.aarch64.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.ppc64le.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.s390x.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.x86_64.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.aarch64.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.ppc64le.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.s390x.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Mozilla Thunderbird security update for Rocky Linux improves defenses against spoofing and memory safety issues. Update required.. thunderbird security, Rocky Linux update, memory safety, spoofing security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 13, 2026 Important Rocky Linux
219

Rocky Linux 8 Web Interface Essential Patch Release RLSA-2026-11050

Important: firefox security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:10766", "synopsis": "Important: firefox security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for firefox.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n\n* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n\n* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n\n* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n\n* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n\n* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n\n* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n\n* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n\n* firefox: thunderbird: Mitigation bypass in the FileHandling component (CVE-2026-6763)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n\n* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n\n* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n\n* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n\n* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2460074", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074", "description": ""}, {"ticket": "2460075", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075", "description": ""}, {"ticket": "2460076", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076", "description": ""}, {"ticket": "2460078", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078", "description": ""}, {"ticket": "2460079", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079", "description": ""}, {"ticket":"2460085", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085", "description": ""}, {"ticket": "2460086", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086", "description": ""}, {"ticket": "2460088", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088", "description": ""}, {"ticket": "2460092", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092", "description": ""}, {"ticket": "2460094", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460094", "description": ""}, {"ticket": "2460095", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095", "description": ""}, {"ticket": "2460096", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096", "description": ""}, {"ticket": "2460097", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097", "description": ""}, {"ticket": "2460099", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099", "description": ""}, {"ticket": "2460101", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101", "description": ""}, {"ticket": "2460102", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102", "description": ""}, {"ticket": "2460103", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103", "description": ""}, {"ticket": "2460104", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104", "description": ""}, {"ticket": "2460105", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105", "description": ""}, {"ticket": "2460106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106", "description": ""}, {"ticket": "2460107", "sourceBy": "Red Hat","sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460107", "description": ""}, {"ticket": "2460108", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108", "description": ""}, {"ticket": "2460109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109", "description": ""}, {"ticket": "2460110", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110", "description": ""}, {"ticket": "2460112", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112", "description": ""}], "cves": [{"name": "CVE-2026-6746", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6747", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6748", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6749", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6750", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-6751", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore":"7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6752", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-131"}, {"name": "CVE-2026-6753", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6754", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6757", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-823"}, {"name": "CVE-2026-6759", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6759", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-6761", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6762", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-1021"}, {"name": "CVE-2026-6763", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-66"}, {"name": "CVE-2026-6764", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-805"}, {"name": "CVE-2026-6765", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-359"}, {"name": "CVE-2026-6766", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-125"}, {"name": "CVE-2026-6767", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-676"}, {"name": "CVE-2026-6769", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6770", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-440"}, {"name": "CVE-2026-6771", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-358"}, {"name": "CVE-2026-6772", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-6776", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-6785", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6786", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-04-30T18:01:05.380956Z", "rpms": {"Rocky Linux 8": {"nvras": ["firefox-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-0:140.10.0-1.el8_10.src.rpm", "firefox-0:140.10.0-1.el8_10.x86_64.rpm", "firefox-debuginfo-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-debuginfo-0:140.10.0-1.el8_10.x86_64.rpm", "firefox-debugsource-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-debugsource-0:140.10.0-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux updates Firefox facing major security issues including use-after-free and spoofing risks, patch promptly.. Firefox Security Update,Rocky Linux Vulnerability,Open Source Browser Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 30, 2026 Important Rocky Linux
197

Debian 11 firefox-esr Critical Security Update DLA-4546-1

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing, information disclosure or privilege escalation. For Debian 11 bullseye, these problems have been fixed in version 140.10.0esr-1~deb11u1.. Debian LTS Advisory DLA-4546-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 23, 2026 https://wiki.debian.org/LTS Package : firefox-esr Version : 140.10.0esr-1~deb11u1 CVE ID : CVE-2026-6746 CVE-2026-6747 CVE-2026-6748 CVE-2026-6749 CVE-2026-6750 CVE-2026-6751 CVE-2026-6752 CVE-2026-6753 CVE-2026-6754 CVE-2026-6757 CVE-2026-6761 CVE-2026-6762 CVE-2026-6763 CVE-2026-6764 CVE-2026-6765 CVE-2026-6766 CVE-2026-6767 CVE-2026-6769 CVE-2026-6770 CVE-2026-6771 CVE-2026-6772 CVE-2026-6776 CVE-2026-6785 CVE-2026-6786 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing, information disclosure or privilege escalation. For Debian 11 bullseye, these problems have been fixed in version 140.10.0esr-1~deb11u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Address multiple security issues in Firefox-ESR on Debian 11 that allow execution of arbitrary code and information disclosure.. Debian Security Advisory, Firefox ESR Update, Debian 11 Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 23, 2026 Critical Debian LTS
219

Rocky Linux Firefox Security RLSA-2026-0667 High Memory Safety Spoofing Risk

Important: firefox security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:0667", "synopsis": "Important: firefox security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for firefox.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327)\n\n* firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 (CVE-2026-0891)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-0878)\n\n* firefox: Use-after-free in the IPC component (CVE-2026-0882)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-0884)\n\n* firefox: Information disclosure in the Networking component (CVE-2026-0883)\n\n* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-0877)\n\n* firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (CVE-2026-0890)\n\n* firefox: Clickjacking issue, information disclosure in the PDF Viewer component (CVE-2026-0887)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component (CVE-2026-0879)\n\n* firefox: Sandbox escape due to integer overflow in the Graphics component (CVE-2026-0880)\n\n* firefox: Incorrect boundary conditions in the Graphics component (CVE-2026-0886)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"],"fixes": [{"ticket": "2420507", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507", "description": ""}, {"ticket": "2428961", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961", "description": ""}, {"ticket": "2428963", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963", "description": ""}, {"ticket": "2428965", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965", "description": ""}, {"ticket": "2428966", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966", "description": ""}, {"ticket": "2428967", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967", "description": ""}, {"ticket": "2428968", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968", "description": ""}, {"ticket": "2428969", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969", "description": ""}, {"ticket": "2428971", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971", "description": ""}, {"ticket": "2428972", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972", "description": ""}, {"ticket": "2428973", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973", "description": ""}, {"ticket": "2428975", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975", "description": ""}, {"ticket": "2428978", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978", "description": ""}], "cves": [{"name": "CVE-2025-14327", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-14327", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0877", "sourceBy": "MITRE", "sourceLink":"https://www.cve.org/CVERecord?id=CVE-2026-0877", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0878", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0878", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0879", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0879", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0880", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0880", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0882", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0882", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0883", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0883", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0884", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0884", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0885", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0885", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0886", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0886", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0887", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0887","cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0890", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0890", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": null}, {"name": "CVE-2026-0891", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0891", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}], "references": [], "publishedAt": "2026-01-16T09:03:02.132913Z", "rpms": {"Rocky Linux 8": {"nvras": ["firefox-debugsource-0:140.7.0-1.el8_10.aarch64.rpm", "firefox-debuginfo-0:140.7.0-1.el8_10.aarch64.rpm", "firefox-debuginfo-0:140.7.0-1.el8_10.x86_64.rpm", "firefox-0:140.7.0-1.el8_10.aarch64.rpm", "firefox-0:140.7.0-1.el8_10.src.rpm", "firefox-0:140.7.0-1.el8_10.x86_64.rpm", "firefox-debugsource-0:140.7.0-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update for Firefox on Rocky Linux 8 addresses multiple issues such as spoofing and memory safety bugs.. Mozilla Firefox security, Rocky Linux updates, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 16, 2026 Important Rocky Linux
172

Ubuntu 25.04: AngularJS Critical DoS and XSS Risks USN-7958-1

Several security issues were fixed in AngularJS.. ========================================================================== Ubuntu Security Notice USN-7958-1 January 14, 2026 angular.js vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in AngularJS. Software Description: - angular.js: JavaScript-based web framework Details: It was discovered that AngularJS did not properly sanitize certain `xlink:href` attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. (CVE-2019-14863) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2022-25844) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. (CVE-2023-26116, CVE-2023-26117) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. (CVE-2025-0716) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libjs-angularjs 1.8.3-1ubuntu0.25.04.1 Ubuntu 24.04 LTS libjs-angularjs 1.8.3-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libjs-angularjs 1.8.2-2ubuntu0.1 Ubuntu 20.04 LTS libjs-angularjs 1.7.9-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libjs-angularjs 1.5.10-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libjs-angularjs 1.2.28-1ubuntu2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7958-1 CVE-2019-14863, CVE-2022-25844, CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2024-21490, CVE-2024-8372, CVE-2024-8373, CVE-2025-0716, CVE-2025-2336 Package Information: https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.25.04.1 https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/angular.js/1.8.2-2ubuntu0.1 . Multiple security fixes were released for AngularJS affecting various Ubuntu versions. Critical updates recommended.. AngularJS vulnerabilities, Ubuntu security update, security issues, web framework patching. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 14, 2026 Important Ubuntu
217

Oracle Linux 9: ELSA-2025-21110 BIND Important Cache Poisoning Fix

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-21110 http://linux.oracle.com/errata/ELSA-2025-21110.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bind-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-chroot-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-devel-9.16.23-34.0.1.el9_7.1.i686.rpm bind-devel-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-dnssec-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-dnssec-utils-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-libs-9.16.23-34.0.1.el9_7.1.i686.rpm bind-libs-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-license-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-utils-9.16.23-34.0.1.el9_7.1.x86_64.rpm python3-bind-9.16.23-34.0.1.el9_7.1.noarch.rpm aarch64: bind-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-chroot-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-devel-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-dnssec-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-dnssec-utils-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-libs-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-license-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-utils-9.16.23-34.0.1.el9_7.1.aarch64.rpm python3-bind-9.16.23-34.0.1.el9_7.1.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/bind-9.16.23-34.0.1.el9_7.1.src.rpm Related CVEs: CVE-2025-40778 CVE-2025-40780 Description of changes: [32:9.16.23-34.0.1.1] - Fix warning when changing device file permissions [Orabug: 36518580] [32:9.16.23-34.1] - Prevent cache poisoning due to weak PRNG (CVE-2025-40780) - Replace downstream fixes with upstream changes - Address various spoofing attacks (CVE-2025-40778) [32:9.16.23-34] - Fix failures in idna system test (RHEL-66172) [32:9.16.23-33] - logrotate: skip if empty and remove old variants (RHEL-113942) [32:9.16.23-32] - Decode IDN names on input in all situations in utilities(RHEL-66172) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Significant updates for Oracle Linux 9 bind to address security issues and improve system integrity.. Oracle Linux Security, BIND Updates, Important Fixes, Cache Poisoning, Spoofing Attacks. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 26, 2025 Important Oracle
100

UBUNTU: Critical Spoofing Vulnerability Mitigation 2025:3333-2

* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778 . # Security update for bind Announcement ID: SUSE-SU-2025:4222-1 Release Date: 2025-11-25T08:54:07Z Rating: important References: * bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778 * CVE-2025-40780 CVSS scores: * CVE-2025-40778 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N * CVE-2025-40778 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-40778 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-40780 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N * CVE-2025-40780 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-40780 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves two vulnerabilities can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2025-40778: Address various spoofing attacks (bsc#1252379). * CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2025-4222=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-4222=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * libisc1606-9.16.6-150000.12.85.1 * libbind9-1600-debuginfo-9.16.6-150000.12.85.1 * libisccc1600-debuginfo-9.16.6-150000.12.85.1 * bind-debugsource-9.16.6-150000.12.85.1 * libisccfg1600-9.16.6-150000.12.85.1 * libns1604-debuginfo-9.16.6-150000.12.85.1 * libirs1601-9.16.6-150000.12.85.1 * libisc1606-debuginfo-9.16.6-150000.12.85.1 * libirs1601-debuginfo-9.16.6-150000.12.85.1 * libisccfg1600-debuginfo-9.16.6-150000.12.85.1 * libns1604-9.16.6-150000.12.85.1 * bind-utils-9.16.6-150000.12.85.1 * libdns1605-debuginfo-9.16.6-150000.12.85.1 * bind-debuginfo-9.16.6-150000.12.85.1 * libisccc1600-9.16.6-150000.12.85.1 * libbind9-1600-9.16.6-150000.12.85.1 * libdns1605-9.16.6-150000.12.85.1 * bind-utils-debuginfo-9.16.6-150000.12.85.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.85.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * libisc1606-9.16.6-150000.12.85.1 * libisccfg1600-9.16.6-150000.12.85.1 * libns1604-debuginfo-9.16.6-150000.12.85.1 * libirs1601-9.16.6-150000.12.85.1 * libns1604-9.16.6-150000.12.85.1 * bind-utils-9.16.6-150000.12.85.1 * libisccc1600-9.16.6-150000.12.85.1 * libbind9-1600-9.16.6-150000.12.85.1 * libdns1605-9.16.6-150000.12.85.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32) * libisc1606-64bit-9.16.6-150000.12.85.1 * libirs1601-64bit-9.16.6-150000.12.85.1 * libisccc1600-64bit-9.16.6-150000.12.85.1 * libbind9-1600-64bit-9.16.6-150000.12.85.1 * libisccfg1600-64bit-9.16.6-150000.12.85.1 * libdns1605-64bit-9.16.6-150000.12.85.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.85.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40778.html * https://www.suse.com/security/cve/CVE-2025-40780.html * https://bugzilla.suse.com/show_bug.cgi?id=1252379 * https://bugzilla.suse.com/show_bug.cgi?id=1252380 .Security update for SUSE addressing important vulnerabilities in bind, including spoofing and cache-poisoning threats.. SUSE Linux, bind vulnerabilities, security patch, software update, SUSE advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 25, 2025 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200