MGASA-2026-0124
- Source
- https://advisories.mageia.org/MGASA-2026-0124.html
- Import Source
- https://advisories.mageia.org/MGASA-2026-0124.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2026-0124
- Upstream
- Published
- 2026-05-09T16:24:29Z
- Modified
- 2026-05-09T16:30:33.798043Z
- Summary
- Updated rootcerts, nss & firefox packages fix security vulnerabilities
- Details
-
Use-after-free in the DOM: Core & HTML component. (CVE-2026-6746) Use-after-free in the WebRTC component. (CVE-2026-6747) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6748) Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. (CVE-2026-6749) Privilege escalation in the Graphics: WebRender component. (CVE-2026-6750) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6751) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6752) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6753) Use-after-free in the JavaScript Engine component. (CVE-2026-6754) Invalid pointer in the JavaScript: WebAssembly component. (CVE-2026-6757) Use-after-free in the Widget: Cocoa component. (CVE-2026-6759) Privilege escalation in the Networking component. (CVE-2026-6761) Spoofing issue in the DOM: Core & HTML component. (CVE-2026-6762) Mitigation bypass in the File Handling component. (CVE-2026-6763) Incorrect boundary conditions in the DOM: Device Interfaces component. (CVE-2026-6764) Information disclosure in the Form Autofill component. (CVE-2026-6765) Incorrect boundary conditions in the Libraries component in NSS. (CVE-2026-6766) Other issue in the Libraries component in NSS. (CVE-2026-6767) Privilege escalation in the Debugger component. (CVE-2026-6769) Other issue in the Storage: IndexedDB component. (CVE-2026-6770) Mitigation bypass in the DOM: Security component. (CVE-2026-6771) Incorrect boundary conditions in the Libraries component in NSS. (CVE-2026-6772) Incorrect boundary conditions in the WebRTC: Networking component. (CVE-2026-6776) Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6785) Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6786) Information disclosure due to incorrect boundary conditions in the Audio/Video component. (CVE-2026-7320) Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. (CVE-2026-7321) Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. (CVE-2026-7322) Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1. (CVE-2026-7323)
- References
-
- https://advisories.mageia.org/MGASA-2026-0124.html
- https://bugs.mageia.org/show_bug.cgi?id=35403
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_123.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_123_1.html
- https://www.firefox.com/en-US/firefox/140.10.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/
- https://www.firefox.com/en-US/firefox/140.10.1/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-9
Mageia:9 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?arch=source&distro=mageia-9
Mageia:9 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?arch=source&distro=mageia-9
Mageia:9 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9