Updated firefox & thunderbird packages fix security vulnerabilities
Publication date: 21 Apr 2026Modification date: 21 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5731 , CVE-2026-5732 , CVE-2026-5734
Description
Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1,
Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
(CVE-2026-5731)
Incorrect boundary conditions, integer overflow in the Graphics: Text
component. (CVE-2026-5732)
Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR
140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. (CVE-2026-5734)
References
- https://bugs.mageia.org/show_bug.cgi?id=35338
- https://www.firefox.com/en-US/firefox/140.9.1/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/140.9.1esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-27/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734
SRPMS
9/core
- firefox-140.9.1-1.mga9
- firefox-l10n-140.9.1-1.mga9
- thunderbird-140.9.1-1.mga9
- thunderbird-l10n-140.9.1-1.mga9