Red Hat Product Errata RHSA-2026:21743 - Security Advisory Issued: 2026-05-28 Updated: 2026-05-28 RHSA-2026:21743 - Security Advisory Overview Updated Packages Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323) firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320) firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322) firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2463481 - CVE-2026-7323 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 BZ - 2463483 - CVE-2026-7320 firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component BZ - 2463484 - CVE-2026-7322 firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 BZ - 2463485 - CVE-2026-7321 firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component CVEs CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM firefox-140.10.1-1.el9_0.src.rpm SHA-256: 72a841bf5fc51b5e102af17489c57f25c8a1fed0bd3bba3c28102615a3817693 ppc64le firefox-140.10.1-1.el9_0.ppc64le.rpm SHA-256: b88c55af7b799fbee2da33e1c9774f92f47394de7a1ce22e450ea39c53172a2a firefox-debuginfo-140.10.1-1.el9_0.ppc64le.rpm SHA-256: f99eb0e672c7ec31a4adcaca80f84d27f66d63e12c1adf34093fa01d6db427dc firefox-debugsource-140.10.1-1.el9_0.ppc64le.rpm SHA-256: 7012c6422d0d99aca298f1008ca16e8776afeb73477852880b97b8bfccba0d3a Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM firefox-140.10.1-1.el9_0.src.rpm SHA-256: 72a841bf5fc51b5e102af17489c57f25c8a1fed0bd3bba3c28102615a3817693 x86_64 firefox-140.10.1-1.el9_0.x86_64.rpm SHA-256: cf9833a89d65a81b5d1029d05a374153fc91e7d6b7b0e72ba64b4822c5fd7a33 firefox-debuginfo-140.10.1-1.el9_0.x86_64.rpm SHA-256: 324eb8cd0aebd336880e05b6ef084a7183c1985da2e6e09c32f78838e42292b2 firefox-debugsource-140.10.1-1.el9_0.x86_64.rpm SHA-256: adb5462633260a7c98d52f01006f8b63f2b82f07df0f78e5fef3a6d4f9c65a89 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM firefox-140.10.1-1.el9_0.src.rpm SHA-256: 72a841bf5fc51b5e102af17489c57f25c8a1fed0bd3bba3c28102615a3817693 aarch64 firefox-140.10.1-1.el9_0.aarch64.rpm SHA-256: 8f134319c4cd3cc68456241f6863850731a5c42c588d0a2843739e8eb2ede076 firefox-debuginfo-140.10.1-1.el9_0.aarch64.rpm SHA-256: b5b3a26af1a301346b751d052ce39583574b11116533e952420c5eff26067aa6 firefox-debugsource-140.10.1-1.el9_0.aarch64.rpm SHA-256: 2cda9c57cadcd316fabaff367c2e8a6f2c0348153f8d1bf188e7fbe0d228dced Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM firefox-140.10.1-1.el9_0.src.rpm SHA-256: 72a841bf5fc51b5e102af17489c57f25c8a1fed0bd3bba3c28102615a3817693 s390x firefox-140.10.1-1.el9_0.s390x.rpm SHA-256: 6bc9fe152406e7812e7b160e47e1cbcef2241022c40042b9594a1da09d753052 firefox-debuginfo-140.10.1-1.el9_0.s390x.rpm SHA-256: 79e858efa5c5ed04795e4c3786c8dce8929501b6bd83fe1cf374bb97338f4d50 firefox-debugsource-140.10.1-1.el9_0.s390x.rpm SHA-256: 2b587b0910b9a1616fd5b0eea36d2974b70bf2395027a2480961d5199689bddb The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .