Updated firefox, firefox-l10n, rootcerts, nss packages fix security vulnerabilities
Publication date: 13 Jul 2026Modification date: 13 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-12289 , CVE-2026-12290 , CVE-2026-12291 , CVE-2026-12292 , CVE-2026-12294 , CVE-2026-12295 , CVE-2026-12296 , CVE-2026-12297 , CVE-2026-12298 , CVE-2026-12299 , CVE-2026-12302 , CVE-2026-12304 , CVE-2026-12305 , CVE-2026-12306 , CVE-2026-12307 , CVE-2026-12308 , CVE-2026-12309 , CVE-2026-12310 , CVE-2026-12311 , CVE-2026-12312 , CVE-2026-12313 , CVE-2026-12314 , CVE-2026-12315 , CVE-2026-12324 , CVE-2026-12325 , CVE-2026-12327 , CVE-2026-12328 , CVE-2026-12329 , CVE-2026-12330
Description
The updated packages fix security vulnerabilities:
Privilege escalation in the Graphics: WebRender component.
(CVE-2026-12289)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12290)
Use-after-free in the Networking: HTTP component. (CVE-2026-12291)
Incorrect boundary conditions in the Web Audio component.
(CVE-2026-12292)
Sandbox escape in the DOM: Workers component. (CVE-2026-12294)
Sandbox escape in the DOM: Navigation component. (CVE-2026-12295)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12298)
Sandbox escape in the Security: Process Sandboxing component.
(CVE-2026-12296)
Sandbox escape due to incorrect boundary conditions in the Networking
component. (CVE-2026-12297)
JIT miscompilation in the DOM: Core & HTML component. (CVE-2026-12299)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12329)
Mitigation bypass in the DOM: Security component. (CVE-2026-12302)
Same-origin policy bypass in the Networking: Cookies component.
(CVE-2026-12304)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12305)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12306)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12307)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12308)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12309)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12310)
Information disclosure, sandbox escape in the Security: Process
Sandboxing component. (CVE-2026-12311)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12312)
Information disclosure, sandbox escape in the Security: Process
Sandboxing component. (CVE-2026-12313)
Memory safety bug fixed in Firefox ESR 140.12. (CVE-2026-12314)
Mitigation bypass in the DOM: Security component. (CVE-2026-12315)
Incorrect boundary conditions in the Internationalization component.
(CVE-2026-12330)
Incorrect boundary conditions in the Graphics: CanvasWebGL component.
(CVE-2026-12324)
Denial-of-service in the Graphics: ImageLib component. (CVE-2026-12325)
Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12,
Firefox 152 and Thunderbird 152. (CVE-2026-12327)
Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12,
Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152.
(CVE-2026-12328)
References
- https://bugs.mageia.org/show_bug.cgi?id=35715
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_125.html
- https://www.firefox.com/en-US/firefox/140.12.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/
- https://www.cve.org/CVERecord?id=CVE-2026-12289
- https://www.cve.org/CVERecord?id=CVE-2026-12290
- https://www.cve.org/CVERecord?id=CVE-2026-12291
- https://www.cve.org/CVERecord?id=CVE-2026-12292
- https://www.cve.org/CVERecord?id=CVE-2026-12294
- https://www.cve.org/CVERecord?id=CVE-2026-12295
- https://www.cve.org/CVERecord?id=CVE-2026-12296
- https://www.cve.org/CVERecord?id=CVE-2026-12297
- https://www.cve.org/CVERecord?id=CVE-2026-12298
- https://www.cve.org/CVERecord?id=CVE-2026-12299
- https://www.cve.org/CVERecord?id=CVE-2026-12302
- https://www.cve.org/CVERecord?id=CVE-2026-12304
- https://www.cve.org/CVERecord?id=CVE-2026-12305
- https://www.cve.org/CVERecord?id=CVE-2026-12306
- https://www.cve.org/CVERecord?id=CVE-2026-12307
- https://www.cve.org/CVERecord?id=CVE-2026-12308
- https://www.cve.org/CVERecord?id=CVE-2026-12309
- https://www.cve.org/CVERecord?id=CVE-2026-12310
- https://www.cve.org/CVERecord?id=CVE-2026-12311
- https://www.cve.org/CVERecord?id=CVE-2026-12312
- https://www.cve.org/CVERecord?id=CVE-2026-12313
- https://www.cve.org/CVERecord?id=CVE-2026-12314
- https://www.cve.org/CVERecord?id=CVE-2026-12315
- https://www.cve.org/CVERecord?id=CVE-2026-12324
- https://www.cve.org/CVERecord?id=CVE-2026-12325
- https://www.cve.org/CVERecord?id=CVE-2026-12327
- https://www.cve.org/CVERecord?id=CVE-2026-12328
- https://www.cve.org/CVERecord?id=CVE-2026-12329
- https://www.cve.org/CVERecord?id=CVE-2026-12330
SRPMS
10/core
- rootcerts-20260611.00-1.mga10
- nss-3.125.0-1.mga10
- firefox-140.12.0-1.mga10
- firefox-l10n-140.12.0-1.mga10
9/core
- rootcerts-20260611.00-1.mga9
- nss-3.125.0-1.mga9
- firefox-140.12.0-1.mga9
- firefox-l10n-140.12.0-1.mga9