CVE-2026-7323

high

Published 2026-05-19 · Modified 2026-05-26

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.3

Description

Important: firefox security update

Predictions

Exploit likelihood

82%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 Red Hat statement Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux…

Description

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

Red Hat statement

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 10	`thunderbird-0:140.10.1-1.el10_2`	RHSA-2026:19153	2026-05-19T00:00:00Z
Red Hat Enterprise Linux 10	`firefox-0:140.10.1-1.el10_2`	RHSA-2026:19157	2026-05-19T00:00:00Z
Red Hat Enterprise Linux 8	`firefox-0:140.10.1-1.el8_10`	RHSA-2026:19588	2026-05-20T00:00:00Z
Red Hat Enterprise Linux 8	`thunderbird-0:140.10.1-1.el8_10`	RHSA-2026:20586	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 9	`thunderbird-0:140.10.1-1.el9_8`	RHSA-2026:19348	2026-05-19T00:00:00Z
Red Hat Enterprise Linux 9	`firefox-0:140.10.1-1.el9_8`	RHSA-2026:19370	2026-05-19T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 10	`rhel10/firefox-flatpak`	Affected
Red Hat Enterprise Linux 10	`rhel10/thunderbird-flatpak`	Affected
Red Hat Enterprise Linux 6	`firefox`	Out of support scope
Red Hat Enterprise Linux 6	`thunderbird`	Out of support scope
Red Hat Enterprise Linux 7	`firefox`	Affected
Red Hat Enterprise Linux 7	`thunderbird`	Out of support scope

Apply commands

bash fix

Apply RHSA-2026:19153 for Red Hat Enterprise Linux 10

yum update -y thunderbird
# or:
dnf upgrade -y thunderbird

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 10	`Affected`
redhat	Red Hat Enterprise Linux 10	`Affected`
redhat	Red Hat Enterprise Linux 7	`Affected`

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
debian	sid	fixed	`150.0.1-1`
debian	bookworm	fixed	`140.10.1esr-1~deb12u1`
debian	bullseye	fixed	`140.10.1esr-1~deb11u1`
debian	forky	fixed	`140.10.1esr-1`
debian	trixie	fixed	`140.10.1esr-1~deb13u1`
almalinux	9	fixed	`thunderbird-140.10.1-1.el9_8.alma.1.x86_64.rpm`

Application impact

Vendor	Product	Versions	Fixed
mozilla	firefox	`{"endExcluding":"140.10.1"}`	`140.10.1`
mozilla	thunderbird	`{"endExcluding":"140.10.1"}`	`140.10.1`
mozilla	firefox	`{"endExcluding":"140.10.1"}`	`140.10.1`
mozilla	thunderbird	`{"endExcluding":"140.10.1"}`	`140.10.1`

References

CWEs

CWE-119 CWE-787

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.