Red Hat Product Errata RHSA-2026:13922 - Security Advisory Issued: 2026-05-06 Updated: 2026-05-06 RHSA-2026:13922 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416) libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636) thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734) thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731) firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2451805 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability BZ - 2451819 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion BZ - 2455897 - CVE-2026-5734 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 BZ - 2455901 - CVE-2026-5731 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 BZ - 2455908 - CVE-2026-5732 firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component CVEs CVE-2026-5731 CVE-2026-5732 CVE-2026-5734 CVE-2026-33416 CVE-2026-33636 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd x86_64 firefox-140.9.1-1.el9_2.x86_64.rpm SHA-256: ee872220895c47199b4860736ab49dff3c51d5b52c3923b8a76b682cafb385c2 firefox-debuginfo-140.9.1-1.el9_2.x86_64.rpm SHA-256: f1d421c1b96e9a2abb0e646762b8e3d605676ac77503823a77484301a844cb45 firefox-debugsource-140.9.1-1.el9_2.x86_64.rpm SHA-256: 9d3332b4496218151de52942885cd2dc7765deec49f9f416c42d1360407e9e9e firefox-x11-140.9.1-1.el9_2.x86_64.rpm SHA-256: 2202bfc45762ec6134ce0c87970a862c3040fab306630144240b7baddd03b2d8 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd ppc64le firefox-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 38e15ddb955edcdb65433717b2b14a20b7424af58e4a084f2ff663595b4d824f firefox-debuginfo-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 991b66f94b2aa6eba604cc039ff3709dd346e121a6cc9c9e7b7b661e39769cde firefox-debugsource-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 51c9db1ae6bed6b5c21c9071a7230d5a4de0429ac1001e384086b9d8d2f1d439 firefox-x11-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 868212f4fae31d434bdbba2900b1166f88928875e9f05521b0f26cd25e6dd20d Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd x86_64 firefox-140.9.1-1.el9_2.x86_64.rpm SHA-256: ee872220895c47199b4860736ab49dff3c51d5b52c3923b8a76b682cafb385c2 firefox-debuginfo-140.9.1-1.el9_2.x86_64.rpm SHA-256: f1d421c1b96e9a2abb0e646762b8e3d605676ac77503823a77484301a844cb45 firefox-debugsource-140.9.1-1.el9_2.x86_64.rpm SHA-256: 9d3332b4496218151de52942885cd2dc7765deec49f9f416c42d1360407e9e9e firefox-x11-140.9.1-1.el9_2.x86_64.rpm SHA-256: 2202bfc45762ec6134ce0c87970a862c3040fab306630144240b7baddd03b2d8 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd aarch64 firefox-140.9.1-1.el9_2.aarch64.rpm SHA-256: 76eb8de6b6a1087ea568e50696194407e197e1c14824465fdb7d4a267a69d0f8 firefox-debuginfo-140.9.1-1.el9_2.aarch64.rpm SHA-256: 3a44070a65de5cae56926e8a1b3cd735b6e0ec1f6c860bc76b3fc849f34c1535 firefox-debugsource-140.9.1-1.el9_2.aarch64.rpm SHA-256: 2aa42e496cc5a20a66d95273ea0744976285509a4e877076faa3087ccf62ec14 firefox-x11-140.9.1-1.el9_2.aarch64.rpm SHA-256: 8056d6be7626ec5dd0daf23986f2d01bf92d3c291c9516ec03998a9c80b23675 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd s390x firefox-140.9.1-1.el9_2.s390x.rpm SHA-256: f391c0ad3b30999c7928be40133d09b89619d3ad931c8da05d30e88e11625d9e firefox-debuginfo-140.9.1-1.el9_2.s390x.rpm SHA-256: 246d1dceff1cd6da097058d990e19aee5533b6042f3dbe57e6ffc9e0b9137db8 firefox-debugsource-140.9.1-1.el9_2.s390x.rpm SHA-256: d9624d494b9e1adec20c46d28c8c0526f73f19f79a6eb050a503cd49659ec35d firefox-x11-140.9.1-1.el9_2.s390x.rpm SHA-256: 4a4a7f46561a255ea9889bbd017088e1989d194d68544dda5ba19580a9b6edf9 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd x86_64 firefox-140.9.1-1.el9_2.x86_64.rpm SHA-256: ee872220895c47199b4860736ab49dff3c51d5b52c3923b8a76b682cafb385c2 firefox-debuginfo-140.9.1-1.el9_2.x86_64.rpm SHA-256: f1d421c1b96e9a2abb0e646762b8e3d605676ac77503823a77484301a844cb45 firefox-debugsource-140.9.1-1.el9_2.x86_64.rpm SHA-256: 9d3332b4496218151de52942885cd2dc7765deec49f9f416c42d1360407e9e9e firefox-x11-140.9.1-1.el9_2.x86_64.rpm SHA-256: 2202bfc45762ec6134ce0c87970a862c3040fab306630144240b7baddd03b2d8 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd aarch64 firefox-140.9.1-1.el9_2.aarch64.rpm SHA-256: 76eb8de6b6a1087ea568e50696194407e197e1c14824465fdb7d4a267a69d0f8 firefox-debuginfo-140.9.1-1.el9_2.aarch64.rpm SHA-256: 3a44070a65de5cae56926e8a1b3cd735b6e0ec1f6c860bc76b3fc849f34c1535 firefox-debugsource-140.9.1-1.el9_2.aarch64.rpm SHA-256: 2aa42e496cc5a20a66d95273ea0744976285509a4e877076faa3087ccf62ec14 firefox-x11-140.9.1-1.el9_2.aarch64.rpm SHA-256: 8056d6be7626ec5dd0daf23986f2d01bf92d3c291c9516ec03998a9c80b23675 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd ppc64le firefox-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 38e15ddb955edcdb65433717b2b14a20b7424af58e4a084f2ff663595b4d824f firefox-debuginfo-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 991b66f94b2aa6eba604cc039ff3709dd346e121a6cc9c9e7b7b661e39769cde firefox-debugsource-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 51c9db1ae6bed6b5c21c9071a7230d5a4de0429ac1001e384086b9d8d2f1d439 firefox-x11-140.9.1-1.el9_2.ppc64le.rpm SHA-256: 868212f4fae31d434bdbba2900b1166f88928875e9f05521b0f26cd25e6dd20d Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM firefox-140.9.1-1.el9_2.src.rpm SHA-256: 6a1c07e20835407d2a1f314387aeabc1512ae6f092dcc05908a3d649d45f79dd s390x firefox-140.9.1-1.el9_2.s390x.rpm SHA-256: f391c0ad3b30999c7928be40133d09b89619d3ad931c8da05d30e88e11625d9e firefox-debuginfo-140.9.1-1.el9_2.s390x.rpm SHA-256: 246d1dceff1cd6da097058d990e19aee5533b6042f3dbe57e6ffc9e0b9137db8 firefox-debugsource-140.9.1-1.el9_2.s390x.rpm SHA-256: d9624d494b9e1adec20c46d28c8c0526f73f19f79a6eb050a503cd49659ec35d firefox-x11-140.9.1-1.el9_2.s390x.rpm SHA-256: 4a4a7f46561a255ea9889bbd017088e1989d194d68544dda5ba19580a9b6edf9 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .