MGASA-2026-0242

Source
https://advisories.mageia.org/MGASA-2026-0242.html
Import Source
https://advisories.mageia.org/MGASA-2026-0242.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0242
Upstream
  • CVE-2026-12289
  • CVE-2026-12290
  • CVE-2026-12291
  • CVE-2026-12292
  • CVE-2026-12294
  • CVE-2026-12295
  • CVE-2026-12296
  • CVE-2026-12297
  • CVE-2026-12298
  • CVE-2026-12299
  • CVE-2026-12302
  • CVE-2026-12304
  • CVE-2026-12305
  • CVE-2026-12306
  • CVE-2026-12307
  • CVE-2026-12308
  • CVE-2026-12309
  • CVE-2026-12310
  • CVE-2026-12311
  • CVE-2026-12312
  • CVE-2026-12313
  • CVE-2026-12314
  • CVE-2026-12315
  • CVE-2026-12324
  • CVE-2026-12325
  • CVE-2026-12327
  • CVE-2026-12328
  • CVE-2026-12329
  • CVE-2026-12330
Published
2026-07-13T21:24:46Z
Modified
2026-07-13T21:30:05.933019631Z
Summary
Updated firefox, firefox-l10n, rootcerts, nss packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities: Privilege escalation in the Graphics: WebRender component. (CVE-2026-12289) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12290) Use-after-free in the Networking: HTTP component. (CVE-2026-12291) Incorrect boundary conditions in the Web Audio component. (CVE-2026-12292) Sandbox escape in the DOM: Workers component. (CVE-2026-12294) Sandbox escape in the DOM: Navigation component. (CVE-2026-12295) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12298) Sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12296) Sandbox escape due to incorrect boundary conditions in the Networking component. (CVE-2026-12297) JIT miscompilation in the DOM: Core & HTML component. (CVE-2026-12299) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12329) Mitigation bypass in the DOM: Security component. (CVE-2026-12302) Same-origin policy bypass in the Networking: Cookies component. (CVE-2026-12304) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12305) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12306) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12307) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12308) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12309) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12310) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12311) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12312) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12313) Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12314) Mitigation bypass in the DOM: Security component. (CVE-2026-12315) Incorrect boundary conditions in the Internationalization component. (CVE-2026-12330) Incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2026-12324) Denial-of-service in the Graphics: ImageLib component. (CVE-2026-12325) Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. (CVE-2026-12327) Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. (CVE-2026-12328)

References
Credits

Affected packages

Mageia:10
rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20260611.00-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"
nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.125.0-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"
firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
140.12.0-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"
firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
140.12.0-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"
Mageia:9
rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20260611.00-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"
nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.125.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"
firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
140.12.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"
firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
140.12.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0242.json"