Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:21382: Important: firefox security update

This Red Hat security advisory addresses multiple vulnerabilities in Firefox for RHEL 8, including a critical sandbox escape in the Profile Backup component (CVE-2026-8401, CVSS 9.8), a high-severity JIT boundary condition flaw (CVE-2026-8388, CVSS 6.5), and other issues ranging from privilege escalation to memory safety bugs. The vulnerabilities affect Mozilla Firefox versions prior to 150.0.3. The update remediates these flaws by upgrading Firefox to the fixed version 150.0.3.

Red Hat Product Errata
RHSA-2026:21382 - Security Advisory
Issued: 2026-05-27
Updated: 2026-05-27

Synopsis
Important: firefox security update

Type/Severity
Security Advisory: Important

Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):
- firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
- firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
- firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
- firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
- firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
- firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
- firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
- firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
- firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
- firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
- firefox: Privilege escalation in the Security component (CVE-2026-8970)
- firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
- firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
- firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
- firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
- firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
- firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
- firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes
- BZ - 2476469 - CVE-2026-8388 firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component
- BZ - 2476475 - CVE-2026-8391 firefox: Other issue in the JavaScript Engine component
- BZ - 2476492 - CVE-2026-8401 firefox: Sandbox escape in the Profile Backup component
- BZ - 2479839 - CVE-2026-8956 firefox: Integer overflow in the Networking: JAR component
- BZ - 2479840 - CVE-2026-8975 firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151
- BZ - 2479842 - CVE-2026-8955 firefox: Privilege escalation in the DOM: Workers component
- BZ - 2479846 - CVE-2026-8968 firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component
- BZ - 2479847 - CVE-2026-8954 firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component
- BZ - 2479848 - CVE-2026-8958 firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component
- BZ - 2479849 - CVE-2026-8946 firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component
- BZ - 2479852 - CVE-2026-8970 firefox: Privilege escalation in the Security component
- BZ - 2479853 - CVE-2026-8950 firefox: Same-origin policy bypass in the Networking: HTTP component
- BZ - 2479855 - CVE-2026-8974 firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151
- BZ - 2479860 - CVE-2026-8953 firefox: Sandbox escape due to use-after-free in the Disability Access APIs component
- BZ - 2479871 - CVE-2026-8961 firefox: Spoofing issue in the Form Autofill component
- BZ - 2479873 - CVE-2026-8947 firefox: Use-after-free in the DOM: Bindings (WebIDL) component
- BZ - 2479876 - CVE-2026-8962 firefox: Mitigation bypass in the DOM: Security component
- BZ - 2479880 - CVE-2026-8957 firefox: Privilege escalation in the Enterprise Policies component

CVEs
CVE-2026-8388, CVE-2026-8391, CVE-2026-8401, CVE-2026-8946, CVE-2026-8947, CVE-2026-8950, CVE-2026-8953, CVE-2026-8954, CVE-2026-8955, CVE-2026-8956, CVE-2026-8957, CVE-2026-8958, CVE-2026-8961, CVE-2026-8962, CVE-2026-8968, CVE-2026-8970, CVE-2026-8974, CVE-2026-8975

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
Updated Packages

SRPM (all listed products)
- firefox-140.11.0-1.el8_10.src.rpm

Red Hat Enterprise Linux for x86_64 8 and Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 (x86_64)
- firefox-140.11.0-1.el8_10.x86_64.rpm
- firefox-debuginfo-140.11.0-1.el8_10.x86_64.rpm
- firefox-debugsource-140.11.0-1.el8_10.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8 and Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 (s390x)
- firefox-140.11.0-1.el8_10.s390x.rpm
- firefox-debuginfo-140.11.0-1.el8_10.s390x.rpm
- firefox-debugsource-140.11.0-1.el8_10.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8 and Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 (ppc64le)
- firefox-140.11.0-1.el8_10.ppc64le.rpm
- firefox-debuginfo-140.11.0-1.el8_10.ppc64le.rpm
- firefox-debugsource-140.11.0-1.el8_10.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8 and Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 (aarch64)
- firefox-140.11.0-1.el8_10.aarch64.rpm
- firefox-debuginfo-140.11.0-1.el8_10.aarch64.rpm
- firefox-debugsource-140.11.0-1.el8_10.aarch64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
