Vulnerability-Lookup

RHSA-2026:27717

Vulnerability from csaf_redhat - Published: 2026-06-22 03:17 - Updated: 2026-06-22 07:48

Summary

Red Hat Security Advisory: firefox security update

Severity

Important

Notes

Topic: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327) * firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328) * firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310) * firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325) * firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295) * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315) * firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307) * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305) * firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308) * firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324) * firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304) * firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291) * firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-12289

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Graphics: WebRender component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-266 - Incorrect Privilege Assignment

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12290

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-823 - Use of Out-of-range Pointer Offset

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12291

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12292

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12294

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Workers component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-266 - Incorrect Privilege Assignment

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12295

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-653 - Improper Isolation or Compartmentalization

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12296

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-403 - Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12297

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Networking component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-653 - Improper Isolation or Compartmentalization

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12298

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Firefox ESR 140.12

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12299

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the DOM: Core & HTML component

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12302

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12304

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-346 - Origin Validation Error

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12305

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12306

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-787 - Out-of-bounds Write

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12307

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12308

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12309

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12310

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12311

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-243 - Creation of chroot Jail Without Changing Working Directory

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12312

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-787 - Out-of-bounds Write

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12313

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-403 - Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12314

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-787 - Out-of-bounds Write

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12315

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12324

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: CanvasWebGL component

3.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2026-12325

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Graphics: ImageLib component

3.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2026-12327

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-787 - Out-of-bounds Write

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-12328

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12329

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-12330

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Internationalization component

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

206 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:27717	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489207	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489208	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489209	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489210	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489211	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489212	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489214	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489215	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489218	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489220	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489221	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489223	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489224	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489225	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489226	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489231	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489232	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489233	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489234	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489235	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489236	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489237	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489239	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489240	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489243	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489244	external
https://bugzilla.redhat.com/show_bug.cgi?id=2489248	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-12289	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489229	external
https://www.cve.org/CVERecord?id=CVE-2026-12289	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12289	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12290	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489210	external
https://www.cve.org/CVERecord?id=CVE-2026-12290	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12290	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12291	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489244	external
https://www.cve.org/CVERecord?id=CVE-2026-12291	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12291	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12292	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489237	external
https://www.cve.org/CVERecord?id=CVE-2026-12292	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12292	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12294	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489207	external
https://www.cve.org/CVERecord?id=CVE-2026-12294	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12294	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12295	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489226	external
https://www.cve.org/CVERecord?id=CVE-2026-12295	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12295	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12296	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489232	external
https://www.cve.org/CVERecord?id=CVE-2026-12296	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12296	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12297	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489235	external
https://www.cve.org/CVERecord?id=CVE-2026-12297	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12297	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12298	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489248	external
https://www.cve.org/CVERecord?id=CVE-2026-12298	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12298	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12299	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489212	external
https://www.cve.org/CVERecord?id=CVE-2026-12299	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12299	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12302	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489217	external
https://www.cve.org/CVERecord?id=CVE-2026-12302	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12302	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12304	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489243	external
https://www.cve.org/CVERecord?id=CVE-2026-12304	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12304	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12305	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489236	external
https://www.cve.org/CVERecord?id=CVE-2026-12305	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12305	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12306	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489233	external
https://www.cve.org/CVERecord?id=CVE-2026-12306	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12306	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12307	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489234	external
https://www.cve.org/CVERecord?id=CVE-2026-12307	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12307	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12308	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489239	external
https://www.cve.org/CVERecord?id=CVE-2026-12308	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12308	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12309	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489223	external
https://www.cve.org/CVERecord?id=CVE-2026-12309	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12309	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12310	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489224	external
https://www.cve.org/CVERecord?id=CVE-2026-12310	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12310	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12311	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489209	external
https://www.cve.org/CVERecord?id=CVE-2026-12311	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12311	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12312	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489215	external
https://www.cve.org/CVERecord?id=CVE-2026-12312	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12312	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12313	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489208	external
https://www.cve.org/CVERecord?id=CVE-2026-12313	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12313	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12314	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489221	external
https://www.cve.org/CVERecord?id=CVE-2026-12314	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12314	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12315	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489231	external
https://www.cve.org/CVERecord?id=CVE-2026-12315	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12315	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12324	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489240	external
https://www.cve.org/CVERecord?id=CVE-2026-12324	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12324	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12325	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489225	external
https://www.cve.org/CVERecord?id=CVE-2026-12325	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12325	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489211	external
https://www.cve.org/CVERecord?id=CVE-2026-12327	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12327	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12328	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489218	external
https://www.cve.org/CVERecord?id=CVE-2026-12328	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12328	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12329	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489214	external
https://www.cve.org/CVERecord?id=CVE-2026-12329	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12329	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2026-12330	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489220	external
https://www.cve.org/CVERecord?id=CVE-2026-12330	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12330	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)\n\n* firefox: thunderbird: JIT miscompilation in the DOM: Core \u0026 HTML component (CVE-2026-12299)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)\n\n* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)\n\n* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)\n\n* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)\n\n* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)\n\n* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)\n\n* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:27717",
        "url": "https://access.redhat.com/errata/RHSA-2026:27717"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2489207",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489207"
      },
      {
        "category": "external",
        "summary": "2489208",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489208"
      },
      {
        "category": "external",
        "summary": "2489209",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489209"
      },
      {
        "category": "external",
        "summary": "2489210",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489210"
      },
      {
        "category": "external",
        "summary": "2489211",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489211"
      },
      {
        "category": "external",
        "summary": "2489212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212"
      },
      {
        "category": "external",
        "summary": "2489214",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489214"
      },
      {
        "category": "external",
        "summary": "2489215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489215"
      },
      {
        "category": "external",
        "summary": "2489217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489217"
      },
      {
        "category": "external",
        "summary": "2489218",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489218"
      },
      {
        "category": "external",
        "summary": "2489220",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489220"
      },
      {
        "category": "external",
        "summary": "2489221",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489221"
      },
      {
        "category": "external",
        "summary": "2489223",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489223"
      },
      {
        "category": "external",
        "summary": "2489224",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489224"
      },
      {
        "category": "external",
        "summary": "2489225",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489225"
      },
      {
        "category": "external",
        "summary": "2489226",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226"
      },
      {
        "category": "external",
        "summary": "2489229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229"
      },
      {
        "category": "external",
        "summary": "2489231",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489231"
      },
      {
        "category": "external",
        "summary": "2489232",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489232"
      },
      {
        "category": "external",
        "summary": "2489233",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489233"
      },
      {
        "category": "external",
        "summary": "2489234",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489234"
      },
      {
        "category": "external",
        "summary": "2489235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489235"
      },
      {
        "category": "external",
        "summary": "2489236",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489236"
      },
      {
        "category": "external",
        "summary": "2489237",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489237"
      },
      {
        "category": "external",
        "summary": "2489239",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489239"
      },
      {
        "category": "external",
        "summary": "2489240",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489240"
      },
      {
        "category": "external",
        "summary": "2489243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489243"
      },
      {
        "category": "external",
        "summary": "2489244",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489244"
      },
      {
        "category": "external",
        "summary": "2489248",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489248"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27717.json"
      }
    ],
    "title": "Red Hat Security Advisory: firefox security update",
    "tracking": {
      "current_release_date": "2026-06-22T07:48:14+00:00",
      "generator": {
        "date": "2026-06-22T07:48:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:27717",
      "initial_release_date": "2026-06-22T03:17:11+00:00",
      "revision_history": [
        {
          "date": "2026-06-22T03:17:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-22T03:17:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-22T07:48:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:140.12.0-1.el8_10.src",
                "product": {
                  "name": "firefox-0:140.12.0-1.el8_10.src",
                  "product_id": "firefox-0:140.12.0-1.el8_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@140.12.0-1.el8_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:140.12.0-1.el8_10.aarch64",
                "product": {
                  "name": "firefox-0:140.12.0-1.el8_10.aarch64",
                  "product_id": "firefox-0:140.12.0-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@140.12.0-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
                "product": {
                  "name": "firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
                  "product_id": "firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@140.12.0-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
                "product": {
                  "name": "firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
                  "product_id": "firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@140.12.0-1.el8_10?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:140.12.0-1.el8_10.ppc64le",
                "product": {
                  "name": "firefox-0:140.12.0-1.el8_10.ppc64le",
                  "product_id": "firefox-0:140.12.0-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@140.12.0-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
                "product": {
                  "name": "firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
                  "product_id": "firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@140.12.0-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
                "product": {
                  "name": "firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
                  "product_id": "firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@140.12.0-1.el8_10?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:140.12.0-1.el8_10.x86_64",
                "product": {
                  "name": "firefox-0:140.12.0-1.el8_10.x86_64",
                  "product_id": "firefox-0:140.12.0-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@140.12.0-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:140.12.0-1.el8_10.x86_64",
                "product": {
                  "name": "firefox-debugsource-0:140.12.0-1.el8_10.x86_64",
                  "product_id": "firefox-debugsource-0:140.12.0-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@140.12.0-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
                "product": {
                  "name": "firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
                  "product_id": "firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@140.12.0-1.el8_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:140.12.0-1.el8_10.s390x",
                "product": {
                  "name": "firefox-0:140.12.0-1.el8_10.s390x",
                  "product_id": "firefox-0:140.12.0-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@140.12.0-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:140.12.0-1.el8_10.s390x",
                "product": {
                  "name": "firefox-debugsource-0:140.12.0-1.el8_10.s390x",
                  "product_id": "firefox-debugsource-0:140.12.0-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@140.12.0-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
                "product": {
                  "name": "firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
                  "product_id": "firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@140.12.0-1.el8_10?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:140.12.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64"
        },
        "product_reference": "firefox-0:140.12.0-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:140.12.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le"
        },
        "product_reference": "firefox-0:140.12.0-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:140.12.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x"
        },
        "product_reference": "firefox-0:140.12.0-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:140.12.0-1.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src"
        },
        "product_reference": "firefox-0:140.12.0-1.el8_10.src",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:140.12.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64"
        },
        "product_reference": "firefox-0:140.12.0-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:140.12.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64"
        },
        "product_reference": "firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le"
        },
        "product_reference": "firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:140.12.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x"
        },
        "product_reference": "firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:140.12.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64"
        },
        "product_reference": "firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:140.12.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64"
        },
        "product_reference": "firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:140.12.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le"
        },
        "product_reference": "firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:140.12.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x"
        },
        "product_reference": "firefox-debugsource-0:140.12.0-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:140.12.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        },
        "product_reference": "firefox-debugsource-0:140.12.0-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-12289",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2026-06-16T14:02:01.382315+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nPrivilege escalation in the Graphics: WebRender component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Privilege escalation in the Graphics: WebRender component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12289"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12289"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12289",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12289"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12289",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12289"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12289",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12289"
        }
      ],
      "release_date": "2026-06-16T11:52:22.944000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Privilege escalation in the Graphics: WebRender component"
    },
    {
      "cve": "CVE-2026-12290",
      "cwe": {
        "id": "CWE-823",
        "name": "Use of Out-of-range Pointer Offset"
      },
      "discovery_date": "2026-06-16T14:01:07.473083+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489210"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12290"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489210",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489210"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12290"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12290",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12290"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12290",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12290"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12290",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12290"
        }
      ],
      "release_date": "2026-06-16T11:52:23.998000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12291",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-06-16T14:02:52.191165+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489244"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nUse-after-free in the Networking: HTTP component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Use-after-free in the Networking: HTTP component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489244",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489244"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12291"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12291",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12291"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12291",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12291"
        }
      ],
      "release_date": "2026-06-16T11:52:24.990000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Use-after-free in the Networking: HTTP component"
    },
    {
      "cve": "CVE-2026-12292",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2026-06-16T14:02:24.994718+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489237"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions in the Web Audio component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Incorrect boundary conditions in the Web Audio component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12292"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489237",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489237"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12292"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12292",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12292"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12292",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12292"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12292",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12292"
        }
      ],
      "release_date": "2026-06-16T11:52:25.938000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Incorrect boundary conditions in the Web Audio component"
    },
    {
      "cve": "CVE-2026-12294",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2026-06-16T14:00:58.833504+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489207"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nSandbox escape in the DOM: Workers component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Sandbox escape in the DOM: Workers component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12294"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489207",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489207"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12294",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12294"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12294",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12294"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12294",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12294"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12294",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12294"
        }
      ],
      "release_date": "2026-06-16T11:52:27.895000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Sandbox escape in the DOM: Workers component"
    },
    {
      "cve": "CVE-2026-12295",
      "cwe": {
        "id": "CWE-653",
        "name": "Improper Isolation or Compartmentalization"
      },
      "discovery_date": "2026-06-16T14:01:52.693895+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489226"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nSandbox escape in the DOM: Navigation component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Sandbox escape in the DOM: Navigation component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12295"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489226",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12295"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12295",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12295"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12295",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12295"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12295",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12295"
        }
      ],
      "release_date": "2026-06-16T11:52:28.892000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Sandbox escape in the DOM: Navigation component"
    },
    {
      "cve": "CVE-2026-12296",
      "cwe": {
        "id": "CWE-403",
        "name": "Exposure of File Descriptor to Unintended Control Sphere (\u0027File Descriptor Leak\u0027)"
      },
      "discovery_date": "2026-06-16T14:02:09.995994+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489232"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nSandbox escape in the Security: Process Sandboxing component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12296"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489232",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489232"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12296"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12296",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12296"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12296",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12296"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12296",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12296"
        }
      ],
      "release_date": "2026-06-16T11:52:29.869000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component"
    },
    {
      "cve": "CVE-2026-12297",
      "cwe": {
        "id": "CWE-653",
        "name": "Improper Isolation or Compartmentalization"
      },
      "discovery_date": "2026-06-16T14:02:19.065703+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489235"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nSandbox escape due to incorrect boundary conditions in the Networking component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12297"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489235",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489235"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12297",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12297"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12297",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12297"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12297",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12297"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12297",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12297"
        }
      ],
      "release_date": "2026-06-16T11:52:30.907000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component"
    },
    {
      "cve": "CVE-2026-12298",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "discovery_date": "2026-06-16T14:03:09.940933+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489248"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Firefox ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12298"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489248",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489248"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12298"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12298",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12298"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12298",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12298"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12298",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12298"
        }
      ],
      "release_date": "2026-06-16T11:52:31.879000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12"
    },
    {
      "cve": "CVE-2026-12299",
      "cwe": {
        "id": "CWE-733",
        "name": "Compiler Optimization Removal or Modification of Security-critical Code"
      },
      "discovery_date": "2026-06-16T14:01:13.587763+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489212"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nJIT miscompilation in the DOM: Core \u0026 HTML component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: JIT miscompilation in the DOM: Core \u0026 HTML component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12299"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489212",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12299",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12299"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12299",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12299"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12299",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12299"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12299",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12299"
        }
      ],
      "release_date": "2026-06-16T11:52:32.885000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: JIT miscompilation in the DOM: Core \u0026 HTML component"
    },
    {
      "cve": "CVE-2026-12302",
      "discovery_date": "2026-06-16T14:01:27.359698+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMitigation bypass in the DOM: Security component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Mitigation bypass in the DOM: Security component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12302"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12302"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12302",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12302"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12302",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12302"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12302",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12302"
        }
      ],
      "release_date": "2026-06-16T11:52:35.893000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Mitigation bypass in the DOM: Security component"
    },
    {
      "cve": "CVE-2026-12304",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "discovery_date": "2026-06-16T14:02:49.043522+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489243"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nSame-origin policy bypass in the Networking: Cookies component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12304"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489243",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489243"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12304"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12304",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12304"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12304",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12304"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12304",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12304"
        }
      ],
      "release_date": "2026-06-16T11:52:37.817000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component"
    },
    {
      "cve": "CVE-2026-12305",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-06-16T14:02:22.130476+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489236"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12305"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489236",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489236"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12305"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12305",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12305"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12305",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12305"
        }
      ],
      "release_date": "2026-06-16T11:52:38.793000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12306",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2026-06-16T14:02:12.768249+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489233"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12306"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489233",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489233"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12306"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12306",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12306"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12306",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12306"
        }
      ],
      "release_date": "2026-06-16T11:52:39.808000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12307",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-06-16T14:02:15.592277+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12307"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12307"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12307",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12307"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12307",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12307"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12307",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12307"
        }
      ],
      "release_date": "2026-06-16T11:52:40.757000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12308",
      "discovery_date": "2026-06-16T14:02:32.234339+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489239"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12308"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489239",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489239"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12308"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12308",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12308"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12308",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12308"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12308",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12308"
        }
      ],
      "release_date": "2026-06-16T11:52:41.775000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12309",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-06-16T14:01:44.043497+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489223"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12309"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489223",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489223"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12309"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12309",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12309"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12309",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12309"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12309",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12309"
        }
      ],
      "release_date": "2026-06-16T11:52:42.737000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12310",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-06-16T14:01:47.037982+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12310"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12310"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12310",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12310"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12310",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12310"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12310",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12310"
        }
      ],
      "release_date": "2026-06-16T11:52:43.757000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12311",
      "cwe": {
        "id": "CWE-243",
        "name": "Creation of chroot Jail Without Changing Working Directory"
      },
      "discovery_date": "2026-06-16T14:01:04.792704+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489209"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nInformation disclosure, sandbox escape in the Security: Process Sandboxing component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12311"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489209",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489209"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12311"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12311",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12311"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12311",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12311"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12311",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12311"
        }
      ],
      "release_date": "2026-06-16T11:52:44.738000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component"
    },
    {
      "cve": "CVE-2026-12312",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2026-06-16T14:01:22.088751+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489215"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12312"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489215",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489215"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12312"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12312",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12312"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12312",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12312"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12312",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12312"
        }
      ],
      "release_date": "2026-06-16T11:52:45.734000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12313",
      "cwe": {
        "id": "CWE-403",
        "name": "Exposure of File Descriptor to Unintended Control Sphere (\u0027File Descriptor Leak\u0027)"
      },
      "discovery_date": "2026-06-16T14:01:01.795657+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489208"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nInformation disclosure, sandbox escape in the Security: Process Sandboxing component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12313"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489208",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489208"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12313",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12313"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12313",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12313"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12313",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12313"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12313",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12313"
        }
      ],
      "release_date": "2026-06-16T11:52:46.728000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component"
    },
    {
      "cve": "CVE-2026-12314",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2026-06-16T14:01:38.310015+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489221"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12314"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489221",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489221"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12314",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12314"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12314",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12314"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12314",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12314"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12314",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12314"
        }
      ],
      "release_date": "2026-06-16T11:52:47.771000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12315",
      "cwe": {
        "id": "CWE-807",
        "name": "Reliance on Untrusted Inputs in a Security Decision"
      },
      "discovery_date": "2026-06-16T14:02:07.133455+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489231"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMitigation bypass in the DOM: Security component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Mitigation bypass in the DOM: Security component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12315"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489231",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489231"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12315"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12315",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12315"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12315",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12315"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12315",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12315"
        }
      ],
      "release_date": "2026-06-16T11:52:48.735000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Mitigation bypass in the DOM: Security component"
    },
    {
      "cve": "CVE-2026-12324",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-06-16T14:02:37.333005+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489240"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions in the Graphics: CanvasWebGL component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12324"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489240",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489240"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12324"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12324",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12324"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12324",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12324"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12324",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12324"
        }
      ],
      "release_date": "2026-06-16T11:52:57.719000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component"
    },
    {
      "cve": "CVE-2026-12325",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-06-16T14:01:49.725518+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489225"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nDenial-of-service in the Graphics: ImageLib component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12325"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489225",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489225"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12325",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12325"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12325",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12325"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12325",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12325"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12325",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12325"
        }
      ],
      "release_date": "2026-06-16T11:52:58.728000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component"
    },
    {
      "cve": "CVE-2026-12327",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2026-06-16T14:01:10.820690+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489211"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489211",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489211"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12327"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12327",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12327"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12327",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12327"
        }
      ],
      "release_date": "2026-06-16T11:53:00.798000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152"
    },
    {
      "cve": "CVE-2026-12328",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-06-16T14:01:30.159745+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489218"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12328"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489218",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489218"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12328",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12328"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12328",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12328"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12328",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12328"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12328",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12328"
        }
      ],
      "release_date": "2026-06-16T11:53:01.835000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152"
    },
    {
      "cve": "CVE-2026-12329",
      "discovery_date": "2026-06-16T14:01:19.195332+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489214"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12329"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489214",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489214"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12329",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12329"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12329",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12329"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12329",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12329"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12329",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12329"
        }
      ],
      "release_date": "2026-06-16T11:53:02.833000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12"
    },
    {
      "cve": "CVE-2026-12330",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-06-16T14:01:35.662218+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489220"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions in the Internationalization component",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: Incorrect boundary conditions in the Internationalization component",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12330"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489220",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489220"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12330",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12330"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12330",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12330"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12330",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/#CVE-2026-12330"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12330",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/#CVE-2026-12330"
        }
      ],
      "release_date": "2026-06-16T11:53:03.839000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-22T03:17:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27717"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.12.0-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.12.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "firefox: thunderbird: Incorrect boundary conditions in the Internationalization component"
    }
  ]
}

CVE-2026-12289 (GCVE-0-2026-12289)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-17 03:55

Title

Privilege escalation in the Graphics: WebRender component

Summary

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-269 - Improper Privilege Management

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2023443
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

choeseyeong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12289",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T03:55:48.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "choeseyeong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:23.846Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023443"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Privilege escalation in the Graphics: WebRender component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12289",
    "datePublished": "2026-06-16T11:52:22.944Z",
    "dateReserved": "2026-06-15T15:08:05.525Z",
    "dateUpdated": "2026-06-17T03:55:48.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12290 (GCVE-0-2026-12290)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 18:00

Title

Memory safety bug fixed in Firefox 152

Summary

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2024852
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

jayjayjazz

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12290",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T13:40:30.960030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T13:48:25.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jayjayjazz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T18:00:44.212Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2024852"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Memory safety bug fixed in Firefox 152"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12290",
    "datePublished": "2026-06-16T11:52:23.998Z",
    "dateReserved": "2026-06-15T15:08:06.073Z",
    "dateUpdated": "2026-06-18T18:00:44.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12291 (GCVE-0-2026-12291)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 16:11

Title

Use-after-free in the Networking: HTTP component

Summary

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2036929
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Zijie Zhao

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12291",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T14:28:26.350179Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T16:11:30.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Zijie Zhao"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:24.979Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2036929"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Use-after-free in the Networking: HTTP component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12291",
    "datePublished": "2026-06-16T11:52:24.990Z",
    "dateReserved": "2026-06-15T15:08:06.495Z",
    "dateUpdated": "2026-06-18T16:11:30.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12292 (GCVE-0-2026-12292)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 16:11

Title

Incorrect boundary conditions in the Web Audio component

Summary

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2038465
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Zijie Zhao

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T14:27:33.082869Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T16:11:24.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Zijie Zhao"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:25.546Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038465"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Incorrect boundary conditions in the Web Audio component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12292",
    "datePublished": "2026-06-16T11:52:25.938Z",
    "dateReserved": "2026-06-15T15:08:07.009Z",
    "dateUpdated": "2026-06-18T16:11:24.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12294 (GCVE-0-2026-12294)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 16:11

Title

Sandbox escape in the DOM: Workers component

Summary

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2039873
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Quy Pham

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T14:23:00.636355Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T16:11:13.267Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Quy Pham"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:26.614Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2039873"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Sandbox escape in the DOM: Workers component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12294",
    "datePublished": "2026-06-16T11:52:27.895Z",
    "dateReserved": "2026-06-15T15:08:07.929Z",
    "dateUpdated": "2026-06-18T16:11:13.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12295 (GCVE-0-2026-12295)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 16:11

Title

Sandbox escape in the DOM: Navigation component

Summary

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2040160
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Yaqoub Aldurayhim

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T14:22:12.218567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T16:11:07.626Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yaqoub Aldurayhim"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:27.150Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040160"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Sandbox escape in the DOM: Navigation component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12295",
    "datePublished": "2026-06-16T11:52:28.892Z",
    "dateReserved": "2026-06-15T15:08:08.316Z",
    "dateUpdated": "2026-06-18T16:11:07.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12296 (GCVE-0-2026-12296)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 16:11

Title

Sandbox escape in the Security: Process Sandboxing component

Summary

Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2040515
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Yaqoub Aldurayhim

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T14:06:20.720960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T16:11:00.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yaqoub Aldurayhim"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:27.678Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040515"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Sandbox escape in the Security: Process Sandboxing component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12296",
    "datePublished": "2026-06-16T11:52:29.869Z",
    "dateReserved": "2026-06-15T15:08:08.752Z",
    "dateUpdated": "2026-06-18T16:11:00.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12297 (GCVE-0-2026-12297)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 16:10

Title

Sandbox escape due to incorrect boundary conditions in the Networking component

Summary

Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2041610
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T14:05:00.908905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T16:10:54.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "zx"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:28.217Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2041610"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Sandbox escape due to incorrect boundary conditions in the Networking component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12297",
    "datePublished": "2026-06-16T11:52:30.907Z",
    "dateReserved": "2026-06-15T15:08:09.151Z",
    "dateUpdated": "2026-06-18T16:10:54.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12298 (GCVE-0-2026-12298)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-18 18:00

Title

Memory safety bug fixed in Firefox 152

Summary

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Severity

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-125 - Out-of-bounds Read
CWE-787 - Out-of-bounds Write
CWE-416 - Use After Free

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2041981
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Haruka Yamazaki

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12298",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T14:30:33.070995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T14:30:35.362Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Haruka Yamazaki"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T18:00:46.554Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2041981"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "Memory safety bug fixed in Firefox 152"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12298",
    "datePublished": "2026-06-16T11:52:31.879Z",
    "dateReserved": "2026-06-15T15:08:09.561Z",
    "dateUpdated": "2026-06-18T18:00:46.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12299 (GCVE-0-2026-12299)

Vulnerability from cvelistv5 – Published: 2026-06-16 11:52 – Updated: 2026-06-16 16:08

Title

JIT miscompilation in the DOM: Core & HTML component

Summary

JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Severity

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2043139
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.37 , ≤ 115.* (rpm) Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.12 , ≤ 140.* (rpm) Unaffected: 152 , ≤ * (rpm)

Credits

Hyeonjun Ahn

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12299",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T14:29:18.198351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T14:29:57.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.37",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.12",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "152",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hyeonjun Ahn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "JIT miscompilation in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
            }
          ],
          "value": "JIT miscompilation in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:29.277Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2043139"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-60/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-61/"
        }
      ],
      "title": "JIT miscompilation in the DOM: Core \u0026 HTML component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-12299",
    "datePublished": "2026-06-16T11:52:32.885Z",
    "dateReserved": "2026-06-15T15:08:10.195Z",
    "dateUpdated": "2026-06-16T16:08:29.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:27717

CVE-2026-12289 (GCVE-0-2026-12289)

CVE-2026-12290 (GCVE-0-2026-12290)

CVE-2026-12291 (GCVE-0-2026-12291)

CVE-2026-12292 (GCVE-0-2026-12292)

CVE-2026-12294 (GCVE-0-2026-12294)

CVE-2026-12295 (GCVE-0-2026-12295)

CVE-2026-12296 (GCVE-0-2026-12296)

CVE-2026-12297 (GCVE-0-2026-12297)

CVE-2026-12298 (GCVE-0-2026-12298)

CVE-2026-12299 (GCVE-0-2026-12299)

Tags

Sightings

Nomenclature