MozillaFirefox-148.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10257-1 Final 1 1 2026-02-26T00:00:00Z current 2026-02-26T00:00:00Z 2026-02-26T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z MozillaFirefox-148.0-1.1 on GA media These are all security issues fixed in the MozillaFirefox-148.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10257 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-2757/ SUSE CVE CVE-2026-2757 page https://www.suse.com/security/cve/CVE-2026-2758/ SUSE CVE CVE-2026-2758 page https://www.suse.com/security/cve/CVE-2026-2759/ SUSE CVE CVE-2026-2759 page https://www.suse.com/security/cve/CVE-2026-2760/ SUSE CVE CVE-2026-2760 page https://www.suse.com/security/cve/CVE-2026-2761/ SUSE CVE CVE-2026-2761 page https://www.suse.com/security/cve/CVE-2026-2762/ SUSE CVE CVE-2026-2762 page https://www.suse.com/security/cve/CVE-2026-2763/ SUSE CVE CVE-2026-2763 page https://www.suse.com/security/cve/CVE-2026-2764/ SUSE CVE CVE-2026-2764 page https://www.suse.com/security/cve/CVE-2026-2765/ SUSE CVE CVE-2026-2765 page https://www.suse.com/security/cve/CVE-2026-2766/ SUSE CVE CVE-2026-2766 page https://www.suse.com/security/cve/CVE-2026-2767/ SUSE CVE CVE-2026-2767 page https://www.suse.com/security/cve/CVE-2026-2768/ SUSE CVE CVE-2026-2768 page https://www.suse.com/security/cve/CVE-2026-2769/ SUSE CVE CVE-2026-2769 page https://www.suse.com/security/cve/CVE-2026-2770/ SUSE CVE CVE-2026-2770 page https://www.suse.com/security/cve/CVE-2026-2771/ SUSE CVE CVE-2026-2771 page https://www.suse.com/security/cve/CVE-2026-2772/ SUSE CVE CVE-2026-2772 page https://www.suse.com/security/cve/CVE-2026-2773/ SUSE CVE CVE-2026-2773 page https://www.suse.com/security/cve/CVE-2026-2774/ SUSE CVE CVE-2026-2774 page https://www.suse.com/security/cve/CVE-2026-2775/ SUSE CVE CVE-2026-2775 page https://www.suse.com/security/cve/CVE-2026-2776/ SUSE CVE CVE-2026-2776 page https://www.suse.com/security/cve/CVE-2026-2777/ SUSE CVE CVE-2026-2777 page https://www.suse.com/security/cve/CVE-2026-2778/ SUSE CVE CVE-2026-2778 page https://www.suse.com/security/cve/CVE-2026-2779/ SUSE CVE CVE-2026-2779 page https://www.suse.com/security/cve/CVE-2026-2780/ SUSE CVE CVE-2026-2780 page https://www.suse.com/security/cve/CVE-2026-2781/ SUSE CVE CVE-2026-2781 page https://www.suse.com/security/cve/CVE-2026-2782/ SUSE CVE CVE-2026-2782 page https://www.suse.com/security/cve/CVE-2026-2783/ SUSE CVE CVE-2026-2783 page https://www.suse.com/security/cve/CVE-2026-2784/ SUSE CVE CVE-2026-2784 page https://www.suse.com/security/cve/CVE-2026-2785/ SUSE CVE CVE-2026-2785 page https://www.suse.com/security/cve/CVE-2026-2786/ SUSE CVE CVE-2026-2786 page https://www.suse.com/security/cve/CVE-2026-2787/ SUSE CVE CVE-2026-2787 page https://www.suse.com/security/cve/CVE-2026-2788/ SUSE CVE CVE-2026-2788 page https://www.suse.com/security/cve/CVE-2026-2789/ SUSE CVE CVE-2026-2789 page https://www.suse.com/security/cve/CVE-2026-2790/ SUSE CVE CVE-2026-2790 page https://www.suse.com/security/cve/CVE-2026-2791/ SUSE CVE CVE-2026-2791 page https://www.suse.com/security/cve/CVE-2026-2792/ SUSE CVE CVE-2026-2792 page https://www.suse.com/security/cve/CVE-2026-2793/ SUSE CVE CVE-2026-2793 page https://www.suse.com/security/cve/CVE-2026-2794/ SUSE CVE CVE-2026-2794 page https://www.suse.com/security/cve/CVE-2026-2795/ SUSE CVE CVE-2026-2795 page https://www.suse.com/security/cve/CVE-2026-2796/ SUSE CVE CVE-2026-2796 page https://www.suse.com/security/cve/CVE-2026-2797/ SUSE CVE CVE-2026-2797 page https://www.suse.com/security/cve/CVE-2026-2798/ SUSE CVE CVE-2026-2798 page https://www.suse.com/security/cve/CVE-2026-2799/ SUSE CVE CVE-2026-2799 page https://www.suse.com/security/cve/CVE-2026-2800/ SUSE CVE CVE-2026-2800 page https://www.suse.com/security/cve/CVE-2026-2801/ SUSE CVE CVE-2026-2801 page https://www.suse.com/security/cve/CVE-2026-2802/ SUSE CVE CVE-2026-2802 page https://www.suse.com/security/cve/CVE-2026-2803/ SUSE CVE CVE-2026-2803 page https://www.suse.com/security/cve/CVE-2026-2804/ SUSE CVE CVE-2026-2804 page https://www.suse.com/security/cve/CVE-2026-2805/ SUSE CVE CVE-2026-2805 page https://www.suse.com/security/cve/CVE-2026-2806/ SUSE CVE CVE-2026-2806 page https://www.suse.com/security/cve/CVE-2026-2807/ SUSE CVE CVE-2026-2807 page openSUSE Tumbleweed MozillaFirefox-148.0-1.1 MozillaFirefox-branding-upstream-148.0-1.1 MozillaFirefox-devel-148.0-1.1 MozillaFirefox-translations-common-148.0-1.1 MozillaFirefox-translations-other-148.0-1.1 MozillaFirefox-148.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-148.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-148.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-148.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-148.0-1.1 as a component of openSUSE Tumbleweed Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2757 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2757.html CVE-2026-2757 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2758 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2758.html CVE-2026-2758 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2759 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2759.html CVE-2026-2759 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2760 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2760.html CVE-2026-2760 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2761 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2761.html CVE-2026-2761 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2762 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2762.html CVE-2026-2762 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2763 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2763.html CVE-2026-2763 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2764 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2764.html CVE-2026-2764 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2765 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2765.html CVE-2026-2765 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2766 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2766.html CVE-2026-2766 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2767 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2767.html CVE-2026-2767 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2768 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2768.html CVE-2026-2768 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2769 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2769.html CVE-2026-2769 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2770 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2770.html CVE-2026-2770 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2771 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2771.html CVE-2026-2771 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2772 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2772.html CVE-2026-2772 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2773 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2773.html CVE-2026-2773 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2774 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2774.html CVE-2026-2774 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2775 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2775.html CVE-2026-2775 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2776 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2776.html CVE-2026-2776 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2777 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2777.html CVE-2026-2777 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2778 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2778.html CVE-2026-2778 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2779 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2779.html CVE-2026-2779 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2780 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2780.html CVE-2026-2780 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2781 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2781.html CVE-2026-2781 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2782 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2782.html CVE-2026-2782 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2783 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2783.html CVE-2026-2783 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2784 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2784.html CVE-2026-2784 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2785 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2785.html CVE-2026-2785 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2786 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2786.html CVE-2026-2786 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2787 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2787.html CVE-2026-2787 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2788 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2788.html CVE-2026-2788 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2789 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2789.html CVE-2026-2789 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2790 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2790.html CVE-2026-2790 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2791 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2791.html CVE-2026-2791 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2792 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2792.html CVE-2026-2792 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2793 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2793.html CVE-2026-2793 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148. CVE-2026-2794 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2794.html CVE-2026-2794 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2795 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2795.html CVE-2026-2795 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2796 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2796.html CVE-2026-2796 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2797 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2797.html CVE-2026-2797 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2798 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2798.html CVE-2026-2798 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2799 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2799.html CVE-2026-2799 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2800 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2800.html CVE-2026-2800 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2801 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2801.html CVE-2026-2801 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2802 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2802.html CVE-2026-2802 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2803 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2803.html CVE-2026-2803 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2804 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2804.html CVE-2026-2804 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2805 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2805.html CVE-2026-2805 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2806 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2806.html CVE-2026-2806 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148. CVE-2026-2807 openSUSE Tumbleweed:MozillaFirefox-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-148.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-148.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-2807.html CVE-2026-2807 https://bugzilla.suse.com/1258568 SUSE Bug 1258568