VDB
GCVE-110-MAGEIA-2026-124
GCVE-110-MAGEIA-2026-124
Advisory Published
Use-after-free in the DOM: Core & HTML component. (CVE-2026-6746)
Use-after-free in the WebRTC component. (CVE-2026-6747)
Uninitialized memory in the Audio/Video: Web Codecs component.
(CVE-2026-6748)
Information disclosure due to uninitialized memory in the Graphics:
Canvas2D component. (CVE-2026-6749)
Privilege escalation in the Graphics: WebRender component.
(CVE-2026-6750)
Uninitialized memory in the Audio/Video: Web Codecs component.
(CVE-2026-6751)
Incorrect boundary conditions in the WebRTC component. (CVE-2026-6752)
Incorrect boundary conditions in the WebRTC component. (CVE-2026-6753)
Use-after-free in the JavaScript Engine component. (CVE-2026-6754)
Invalid pointer in the JavaScript: WebAssembly component.
(CVE-2026-6757)
Use-after-free in the Widget: Cocoa component. (CVE-2026-6759)
Privilege escalation in the Networking component. (CVE-2026-6761)
Spoofing issue in the DOM: Core & HTML component. (CVE-2026-6762)
Mitigation bypass in the File Handling component. (CVE-2026-6763)
Incorrect boundary conditions in the DOM: Device Interfaces component.
(CVE-2026-6764)
Information disclosure in the Form Autofill component. (CVE-2026-6765)
Incorrect boundary conditions in the Libraries component in NSS.
(CVE-2026-6766)
Other issue in the Libraries component in NSS. (CVE-2026-6767)
Privilege escalation in the Debugger component. (CVE-2026-6769)
Other issue in the Storage: IndexedDB component. (CVE-2026-6770)
Mitigation bypass in the DOM: Security component. (CVE-2026-6771)
Incorrect boundary conditions in the Libraries component in NSS.
(CVE-2026-6772)
Incorrect boundary conditions in the WebRTC: Networking component.
(CVE-2026-6776)
Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10,
Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6785)
Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10,
Firefox 150 and Thunderbird 150. (CVE-2026-6786)
Information disclosure due to incorrect boundary conditions in the
Audio/Video component. (CVE-2026-7320)
Sandbox escape due to incorrect boundary conditions in the WebRTC:
Networking component. (CVE-2026-7321)
Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1
and Firefox 150.0.1. (CVE-2026-7322)
Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1.
(CVE-2026-7323)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | firefox | 0 (affected), 140.10.1-1.mga9 (unaffected) | — |
| Mageia | firefox-l10n | 0 (affected), 140.10.1-1.mga9 (unaffected) | — |
| Mageia | rootcerts | 0 (affected), 20260412.00-1.mga9 (unaffected) | — |
| Mageia | nss | 3.123.1-1.mga9 (unaffected), 0 (affected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.