This advisory addresses multiple critical vulnerabilities in Firefox for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, including libpng flaws enabling arbitrary code execution (CVE-2026-33416, CVSS 7.5) and information disclosure (CVE-2026-33636, CVSS 7.6), and memory safety bugs (CVE-2026-5734, CVSS 9.8). Affected Firefox versions are prior to 140.9.1 and 149.0.2, and the libpng library is affected from version 1.2.1 through 1.6.55. The update provides patched packages to remediate these issues.
Red Hat Product Errata RHSA-2026:13596 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13596 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416) libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636) thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734) thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731) firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2451805 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability BZ - 2451819 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion BZ - 2455897 - CVE-2026-5734 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 BZ - 2455901 - CVE-2026-5731 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 BZ - 2455908 - CVE-2026-5732 firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component CVEs CVE-2026-5731 CVE-2026-5732 CVE-2026-5734 CVE-2026-33416 CVE-2026-33636 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM firefox-140.9.1-1.el9_0.src.rpm SHA-256: 8f7dc6baff54416e239be2589ac74b0fece56fd17d23d335d3c98ddc2e782a51 ppc64le firefox-140.9.1-1.el9_0.ppc64le.rpm SHA-256: 6f58ff10edfbfa57f10c2a89afa61355c8f289af04b2735090c3e295e05609ba firefox-debuginfo-140.9.1-1.el9_0.ppc64le.rpm SHA-256: 03dd3147267f44f3b34ea735a66cf83bfe8daf0786591d6f3d76a524b1143aa2 firefox-debugsource-140.9.1-1.el9_0.ppc64le.rpm SHA-256: 0c330255ae1ee2dc54f2d91ee754acb0485d03aed103b70812123b2e23b49c1e Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM firefox-140.9.1-1.el9_0.src.rpm SHA-256: 8f7dc6baff54416e239be2589ac74b0fece56fd17d23d335d3c98ddc2e782a51 x86_64 firefox-140.9.1-1.el9_0.x86_64.rpm SHA-256: e959a046b7b7fdae717f8dae8a09a6e9c02dc398dfaba8720aa74059d4d97cee firefox-debuginfo-140.9.1-1.el9_0.x86_64.rpm SHA-256: abf4066bffd0de72632493af5efa03d5dfbab441e490a79c64148bcde7926055 firefox-debugsource-140.9.1-1.el9_0.x86_64.rpm SHA-256: 69d26a509d7708533f1f6014eb044ed6e260efac2a5b4fa0e9afc0aea74e9c9c Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM firefox-140.9.1-1.el9_0.src.rpm SHA-256: 8f7dc6baff54416e239be2589ac74b0fece56fd17d23d335d3c98ddc2e782a51 aarch64 firefox-140.9.1-1.el9_0.aarch64.rpm SHA-256: 651d24639c3ef7ec53c5e79be55c898c05a49f43c076563a7a0bb6e6c681bf3f firefox-debuginfo-140.9.1-1.el9_0.aarch64.rpm SHA-256: bd86eb4b2eec987e4ac8ef4cf874b7df3212e96480c1dad9872fc6d46989f530 firefox-debugsource-140.9.1-1.el9_0.aarch64.rpm SHA-256: 62a2e3455006e1d5669c7251f8a22d23f37e0378a2acd302b653e607ef8d30e7 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM firefox-140.9.1-1.el9_0.src.rpm SHA-256: 8f7dc6baff54416e239be2589ac74b0fece56fd17d23d335d3c98ddc2e782a51 s390x firefox-140.9.1-1.el9_0.s390x.rpm SHA-256: 1cd423070fb3a77cb365d8dad99c59c0ef874b96f8d4079622f2950594bd2804 firefox-debuginfo-140.9.1-1.el9_0.s390x.rpm SHA-256: 21874ce1727df4beac79cc24f06d580a1a506cce31c6f6af38d83bf260e7c899 firefox-debugsource-140.9.1-1.el9_0.s390x.rpm SHA-256: d0f194bfe19b69b9a1371374baee9540a394686926d967326c7275aa3d47e369 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .