An update for firefox is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1706 Final 1.0 1.0 2026-03-27 Initial 2026-03-27 2026-03-27 openEuler SA Tool V1.0 2026-03-27 firefox security update An update for firefox is now available for openEuler-24.03-LTS-SP1 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fix(es): libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.(CVE-2025-59375) Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4684) Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4685) Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4686) Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4687) Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4688) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.(CVE-2026-4689) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4690) Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4691) Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.(CVE-2026-4692) Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4693) Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.(CVE-2026-4694) Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4695) Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4696) Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4697) JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4698) Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4699) Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4700) Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4701) JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4702) Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4704) Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4705) Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4706) Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4707) Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4708) Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.(CVE-2026-4709) Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.(CVE-2026-4710) Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4711) Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4712) Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4713) Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4714) Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4715) Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4716) Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4717) Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.(CVE-2026-4718) Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.(CVE-2026-4719) Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.(CVE-2026-4720) Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.(CVE-2026-4721) An update for firefox is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical firefox https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-59375 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4684 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4685 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4686 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4687 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4688 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4689 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4690 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4691 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4692 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4693 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4694 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4695 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4696 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4697 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4698 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4699 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4700 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4701 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4702 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4704 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4705 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4706 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4707 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4708 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4709 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4710 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4711 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4712 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4713 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4714 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4715 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4716 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4717 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4718 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4719 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4720 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4721 https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://nvd.nist.gov/vuln/detail/CVE-2026-4684 https://nvd.nist.gov/vuln/detail/CVE-2026-4685 https://nvd.nist.gov/vuln/detail/CVE-2026-4686 https://nvd.nist.gov/vuln/detail/CVE-2026-4687 https://nvd.nist.gov/vuln/detail/CVE-2026-4688 https://nvd.nist.gov/vuln/detail/CVE-2026-4689 https://nvd.nist.gov/vuln/detail/CVE-2026-4690 https://nvd.nist.gov/vuln/detail/CVE-2026-4691 https://nvd.nist.gov/vuln/detail/CVE-2026-4692 https://nvd.nist.gov/vuln/detail/CVE-2026-4693 https://nvd.nist.gov/vuln/detail/CVE-2026-4694 https://nvd.nist.gov/vuln/detail/CVE-2026-4695 https://nvd.nist.gov/vuln/detail/CVE-2026-4696 https://nvd.nist.gov/vuln/detail/CVE-2026-4697 https://nvd.nist.gov/vuln/detail/CVE-2026-4698 https://nvd.nist.gov/vuln/detail/CVE-2026-4699 https://nvd.nist.gov/vuln/detail/CVE-2026-4700 https://nvd.nist.gov/vuln/detail/CVE-2026-4701 https://nvd.nist.gov/vuln/detail/CVE-2026-4702 https://nvd.nist.gov/vuln/detail/CVE-2026-4704 https://nvd.nist.gov/vuln/detail/CVE-2026-4705 https://nvd.nist.gov/vuln/detail/CVE-2026-4706 https://nvd.nist.gov/vuln/detail/CVE-2026-4707 https://nvd.nist.gov/vuln/detail/CVE-2026-4708 https://nvd.nist.gov/vuln/detail/CVE-2026-4709 https://nvd.nist.gov/vuln/detail/CVE-2026-4710 https://nvd.nist.gov/vuln/detail/CVE-2026-4711 https://nvd.nist.gov/vuln/detail/CVE-2026-4712 https://nvd.nist.gov/vuln/detail/CVE-2026-4713 https://nvd.nist.gov/vuln/detail/CVE-2026-4714 https://nvd.nist.gov/vuln/detail/CVE-2026-4715 https://nvd.nist.gov/vuln/detail/CVE-2026-4716 https://nvd.nist.gov/vuln/detail/CVE-2026-4717 https://nvd.nist.gov/vuln/detail/CVE-2026-4718 https://nvd.nist.gov/vuln/detail/CVE-2026-4719 https://nvd.nist.gov/vuln/detail/CVE-2026-4720 https://nvd.nist.gov/vuln/detail/CVE-2026-4721 openEuler-24.03-LTS-SP1 firefox-140.9.0-1.oe2403sp1.x86_64.rpm firefox-debuginfo-140.9.0-1.oe2403sp1.x86_64.rpm firefox-debugsource-140.9.0-1.oe2403sp1.x86_64.rpm firefox-140.9.0-1.oe2403sp1.aarch64.rpm firefox-debuginfo-140.9.0-1.oe2403sp1.aarch64.rpm firefox-debugsource-140.9.0-1.oe2403sp1.aarch64.rpm firefox-140.9.0-1.oe2403sp1.src.rpm libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. 2026-03-27 CVE-2025-59375 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4684 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4685 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4686 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4687 openEuler-24.03-LTS-SP1 High 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4688 openEuler-24.03-LTS-SP1 Critical 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. 2026-03-27 CVE-2026-4689 openEuler-24.03-LTS-SP1 High 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4690 openEuler-24.03-LTS-SP1 High 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4691 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. 2026-03-27 CVE-2026-4692 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4693 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. 2026-03-27 CVE-2026-4694 openEuler-24.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4695 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4696 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4697 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4698 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4699 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4700 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4701 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4702 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4704 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4705 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4706 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4707 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4708 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4709 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. 2026-03-27 CVE-2026-4710 openEuler-24.03-LTS-SP1 Medium 6.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4711 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4712 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4713 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4714 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4715 openEuler-24.03-LTS-SP1 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4716 openEuler-24.03-LTS-SP1 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4717 openEuler-24.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. 2026-03-27 CVE-2026-4718 openEuler-24.03-LTS-SP1 Medium 5.0 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. 2026-03-27 CVE-2026-4719 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. 2026-03-27 CVE-2026-4720 openEuler-24.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706 Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. 2026-03-27 CVE-2026-4721 openEuler-24.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2026-03-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1706