OESA-2026-2133
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2133
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2133.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2133
- Upstream
- Published
- 2026-05-03T09:55:40Z
- Modified
- 2026-05-03T10:17:05.976531Z
- Summary
- firefox security update
- Details
-
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %(uname -m) %global symbolsfilename -.en-US.-%(uname.crashreporter-symbols.zip %global symbolsfilepath /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip %global finddebuginfoopts -p /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip -o debugcrashreporter.list %global crashreporterpkgname mozilla-crashreporter--debuginfo
Security Fix(es):
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.(CVE-2026-7320)
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.(CVE-2026-7321)
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.(CVE-2026-7322)
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.(CVE-2026-7323)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:24.03-LTS-SP1 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/openEuler/firefox&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed140.10.1-1.oe2403sp1
Ecosystem specific
{
"x86_64": [
"firefox-140.10.1-1.oe2403sp1.x86_64.rpm",
"firefox-debuginfo-140.10.1-1.oe2403sp1.x86_64.rpm",
"firefox-debugsource-140.10.1-1.oe2403sp1.x86_64.rpm"
],
"src": [
"firefox-140.10.1-1.oe2403sp1.src.rpm"
],
"aarch64": [
"firefox-140.10.1-1.oe2403sp1.aarch64.rpm",
"firefox-debuginfo-140.10.1-1.oe2403sp1.aarch64.rpm",
"firefox-debugsource-140.10.1-1.oe2403sp1.aarch64.rpm"
]
}