openEuler-SA-2026-2106

Synopsis:

firefox security updateSummary:

An update for firefox is now available for openEuler-24.03-LTSDescription:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global moz_debug_prefix /lib/debug %global moz_debug_dir /lib/debug/ %global uname_m %(uname -m) %global symbols_file_name -.en-US.-%(uname.crashreporter-symbols.zip %global symbols_file_path /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip %global _find_debuginfo_opts -p /lib/debug//-.en-US.-%(uname.crashreporter-symbols.zip -o debugcrashreporter.list %global crashreporter_pkg_name mozilla-crashreporter--debuginfo

Security Fix(es):

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6746)

Use-after-free vulnerability in the WebRTC component of Firefox. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.(CVE-2026-6747)

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.(CVE-2026-6748)

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6749)

Privilege escalation vulnerability in the WebRender graphics component of Firefox browser. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6750)

An uninitialized memory vulnerability exists in the Audio/Video: Web Codecs component of Firefox browser. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.(CVE-2026-6751)

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6752)

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10,...