This security update addresses three vulnerabilities in Mozilla Firefox for Red Hat Enterprise Linux 8, including a critical (CVSS 9.8) unspecified issue in the WebRTC component (CVE-2026-8094), a high-severity use-after-free in the DOM: Networking component (CVE-2026-8090, CVSS 7.3), and memory safety bugs (CVE-2026-8092, CVSS 8.1). Affected versions vary by CVE, but include Firefox versions prior to 115.35.2, versions 140.0 through 140.10.1, and versions 150.0 through 150.0.1. The fix requires updating to Firefox version 140.10.2 for RHEL 8.
Red Hat Product Errata RHSA-2026:20566 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20566 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): firefox: Other issue in the WebRTC component (CVE-2026-8094) firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2 (CVE-2026-8092) firefox: Use-after-free in the DOM: Networking component (CVE-2026-8090) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2467706 - CVE-2026-8094 firefox: Other issue in the WebRTC component BZ - 2467708 - CVE-2026-8092 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2 BZ - 2467709 - CVE-2026-8090 firefox: Use-after-free in the DOM: Networking component CVEs CVE-2026-8090 CVE-2026-8092 CVE-2026-8094 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 x86_64 firefox-140.10.2-1.el8_10.x86_64.rpm SHA-256: b3b3778f424d01aff1b581012053ef7b9dbc63da70876696181ec8f795bbf8ee firefox-debuginfo-140.10.2-1.el8_10.x86_64.rpm SHA-256: b6aa3ca5532006fa38dbcf91022356ffe0ad2c729c41dd700773de81118dbe2c firefox-debugsource-140.10.2-1.el8_10.x86_64.rpm SHA-256: 705531a1571f468db9c1326e3cc11e2cd94e39a3b9a16cc7344dc3db772a5c49 Red Hat Enterprise Linux for IBM z Systems 8 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 s390x firefox-140.10.2-1.el8_10.s390x.rpm SHA-256: 05a8fba7c933f844c104abb7518f90f524db9640e1713889095604932a60aa6c firefox-debuginfo-140.10.2-1.el8_10.s390x.rpm SHA-256: 5520aae2929dec400e0e56a367d7ff425bd67170754044ae7fda99658ce01da7 firefox-debugsource-140.10.2-1.el8_10.s390x.rpm SHA-256: d7f96267b2945febd58bc0e8bd7eccd9ea90a5175e35dc2c447b826106ec3d36 Red Hat Enterprise Linux for Power, little endian 8 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 ppc64le firefox-140.10.2-1.el8_10.ppc64le.rpm SHA-256: 9c2e30f1d2d48a3b0762522faf27682a98503a487d026de1e18bac44335e3f79 firefox-debuginfo-140.10.2-1.el8_10.ppc64le.rpm SHA-256: e2a4cca8a6ad58d254512a0a3d86a6ec27ab111b56dd3cbd7ef308248464a88b firefox-debugsource-140.10.2-1.el8_10.ppc64le.rpm SHA-256: e64f42ad4c3455636e3a3e6f0e53f8bba901aaeb2a02164a689fccfd61ad3c3d Red Hat Enterprise Linux for ARM 64 8 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 aarch64 firefox-140.10.2-1.el8_10.aarch64.rpm SHA-256: be1697622872eab410a4e9f88b53d606915b25259f9229a81c5e9f4397b0da4c firefox-debuginfo-140.10.2-1.el8_10.aarch64.rpm SHA-256: 4152f004247cf56412081c1a3ad136b03c3112b725e72305f051865820c58400 firefox-debugsource-140.10.2-1.el8_10.aarch64.rpm SHA-256: d5ec69b7bf996cab919a7945ca3fa2780429ce19ee16d091cc935eedcd6f829c Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 x86_64 firefox-140.10.2-1.el8_10.x86_64.rpm SHA-256: b3b3778f424d01aff1b581012053ef7b9dbc63da70876696181ec8f795bbf8ee firefox-debuginfo-140.10.2-1.el8_10.x86_64.rpm SHA-256: b6aa3ca5532006fa38dbcf91022356ffe0ad2c729c41dd700773de81118dbe2c firefox-debugsource-140.10.2-1.el8_10.x86_64.rpm SHA-256: 705531a1571f468db9c1326e3cc11e2cd94e39a3b9a16cc7344dc3db772a5c49 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 aarch64 firefox-140.10.2-1.el8_10.aarch64.rpm SHA-256: be1697622872eab410a4e9f88b53d606915b25259f9229a81c5e9f4397b0da4c firefox-debuginfo-140.10.2-1.el8_10.aarch64.rpm SHA-256: 4152f004247cf56412081c1a3ad136b03c3112b725e72305f051865820c58400 firefox-debugsource-140.10.2-1.el8_10.aarch64.rpm SHA-256: d5ec69b7bf996cab919a7945ca3fa2780429ce19ee16d091cc935eedcd6f829c Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 ppc64le firefox-140.10.2-1.el8_10.ppc64le.rpm SHA-256: 9c2e30f1d2d48a3b0762522faf27682a98503a487d026de1e18bac44335e3f79 firefox-debuginfo-140.10.2-1.el8_10.ppc64le.rpm SHA-256: e2a4cca8a6ad58d254512a0a3d86a6ec27ab111b56dd3cbd7ef308248464a88b firefox-debugsource-140.10.2-1.el8_10.ppc64le.rpm SHA-256: e64f42ad4c3455636e3a3e6f0e53f8bba901aaeb2a02164a689fccfd61ad3c3d Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 SRPM firefox-140.10.2-1.el8_10.src.rpm SHA-256: 03174cf6b908191271d8b948371611391cf7ba15c5f54a2c002ab35577ed7280 s390x firefox-140.10.2-1.el8_10.s390x.rpm SHA-256: 05a8fba7c933f844c104abb7518f90f524db9640e1713889095604932a60aa6c firefox-debuginfo-140.10.2-1.el8_10.s390x.rpm SHA-256: 5520aae2929dec400e0e56a367d7ff425bd67170754044ae7fda99658ce01da7 firefox-debugsource-140.10.2-1.el8_10.s390x.rpm SHA-256: d7f96267b2945febd58bc0e8bd7eccd9ea90a5175e35dc2c447b826106ec3d36 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .