Bug 2479855 (CVE-2026-8974) - CVE-2026-8974 firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151
Summary: CVE-2026-8974 firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Fir...
Keywords:
Status: NEW
Alias: CVE-2026-8974
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-19 14:02 UTC by OSIDB Bzimport
Modified: 2026-06-22 02:29 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:21378 0 None None None 2026-05-27 16:41:33 UTC
Red Hat Product Errata RHSA-2026:21380 0 None None None 2026-05-27 16:05:21 UTC
Red Hat Product Errata RHSA-2026:21381 0 None None None 2026-05-27 16:07:23 UTC
Red Hat Product Errata RHSA-2026:21382 0 None None None 2026-05-27 16:01:33 UTC
Red Hat Product Errata RHSA-2026:22325 0 None None None 2026-06-01 15:28:16 UTC
Red Hat Product Errata RHSA-2026:22643 0 None None None 2026-06-03 00:49:20 UTC
Red Hat Product Errata RHSA-2026:26174 0 None None None 2026-06-16 06:06:34 UTC
Red Hat Product Errata RHSA-2026:26268 0 None None None 2026-06-16 12:16:59 UTC
Red Hat Product Errata RHSA-2026:26269 0 None None None 2026-06-16 11:59:02 UTC
Red Hat Product Errata RHSA-2026:26270 0 None None None 2026-06-16 11:59:28 UTC
Red Hat Product Errata RHSA-2026:26491 0 None None None 2026-06-17 05:42:56 UTC
Red Hat Product Errata RHSA-2026:26492 0 None None None 2026-06-17 05:57:18 UTC
Red Hat Product Errata RHSA-2026:26493 0 None None None 2026-06-17 05:51:36 UTC
Red Hat Product Errata RHSA-2026:26521 0 None None None 2026-06-17 08:02:32 UTC
Red Hat Product Errata RHSA-2026:26536 0 None None None 2026-06-17 10:00:58 UTC
Red Hat Product Errata RHSA-2026:26539 0 None None None 2026-06-17 10:25:09 UTC
Red Hat Product Errata RHSA-2026:26551 0 None None None 2026-06-17 10:56:17 UTC
Red Hat Product Errata RHSA-2026:26606 0 None None None 2026-06-17 14:35:01 UTC
Red Hat Product Errata RHSA-2026:26629 0 None None None 2026-06-17 15:21:33 UTC
Red Hat Product Errata RHSA-2026:26630 0 None None None 2026-06-17 15:40:04 UTC
Red Hat Product Errata RHSA-2026:27715 0 None None None 2026-06-22 02:29:44 UTC

Description OSIDB Bzimport 2026-05-19 14:02:33 UTC
Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.

Comment 1 errata-xmlrpc 2026-05-27 16:01:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:21382 https://access.redhat.com/errata/RHSA-2026:21382

Comment 2 errata-xmlrpc 2026-05-27 16:05:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:21380 https://access.redhat.com/errata/RHSA-2026:21380

Comment 3 errata-xmlrpc 2026-05-27 16:07:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:21381 https://access.redhat.com/errata/RHSA-2026:21381

Comment 4 errata-xmlrpc 2026-05-27 16:41:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:21378 https://access.redhat.com/errata/RHSA-2026:21378

Comment 5 errata-xmlrpc 2026-06-01 15:28:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22325 https://access.redhat.com/errata/RHSA-2026:22325

Comment 6 errata-xmlrpc 2026-06-03 00:49:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:22643 https://access.redhat.com/errata/RHSA-2026:22643

Comment 8 errata-xmlrpc 2026-06-16 06:06:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:26174 https://access.redhat.com/errata/RHSA-2026:26174

Comment 9 errata-xmlrpc 2026-06-16 11:59:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:26269 https://access.redhat.com/errata/RHSA-2026:26269

Comment 10 errata-xmlrpc 2026-06-16 11:59:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:26270 https://access.redhat.com/errata/RHSA-2026:26270

Comment 11 errata-xmlrpc 2026-06-16 12:16:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:26268 https://access.redhat.com/errata/RHSA-2026:26268

Comment 12 errata-xmlrpc 2026-06-17 05:42:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:26491 https://access.redhat.com/errata/RHSA-2026:26491

Comment 13 errata-xmlrpc 2026-06-17 05:51:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:26493 https://access.redhat.com/errata/RHSA-2026:26493

Comment 14 errata-xmlrpc 2026-06-17 05:57:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:26492 https://access.redhat.com/errata/RHSA-2026:26492

Comment 15 errata-xmlrpc 2026-06-17 08:02:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:26521 https://access.redhat.com/errata/RHSA-2026:26521

Comment 16 errata-xmlrpc 2026-06-17 10:00:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:26536 https://access.redhat.com/errata/RHSA-2026:26536

Comment 17 errata-xmlrpc 2026-06-17 10:25:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:26539 https://access.redhat.com/errata/RHSA-2026:26539

Comment 18 errata-xmlrpc 2026-06-17 10:56:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:26551 https://access.redhat.com/errata/RHSA-2026:26551

Comment 19 errata-xmlrpc 2026-06-17 14:35:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:26606 https://access.redhat.com/errata/RHSA-2026:26606

Comment 20 errata-xmlrpc 2026-06-17 15:21:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:26629 https://access.redhat.com/errata/RHSA-2026:26629

Comment 21 errata-xmlrpc 2026-06-17 15:40:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:26630 https://access.redhat.com/errata/RHSA-2026:26630

Comment 22 errata-xmlrpc 2026-06-22 02:29:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:27715 https://access.redhat.com/errata/RHSA-2026:27715


Note You need to log in before you can comment on or make changes to this bug.