Stay Connected:

ELSA-2026-2231

ELSA-2026-2231 - firefox security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-02-18

Description


[140.7.0-1.0.1]
- Update to 140.7.0 ESR [Orabug: 38940976][CVE-2025-14327][CVE-2026-0877]
[CVE-2026-0878][CVE-2026-0879][CVE-2026-0880][CVE-2026-0882][CVE-2026-0883]
[CVE-2026-0884][CVE-2026-0885][CVE-2026-0886][CVE-2026-0887][CVE-2026-0890]
[CVE-2026-0891]

[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
[CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
[CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]

[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
[CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
[CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]

[140.4.0-4.0.1]
- Update to 140.4.0 ESR [Orabug: 38595697][CVE-2025-11708][CVE-2025-11709]
[CVE-2025-11710][CVE-2025-11711][CVE-2025-11712][CVE-2025-11714]
[CVE-2025-11715]

[140.3.0-1.0.1]
- Update to 140.3.0 [Orabug: 38509157][CVE-2025-10527][CVE-2025-10528]
[CVE-2025-10529][CVE-2025-10532][CVE-2025-10533][CVE-2025-10536]
[CVE-2025-10537]
- Disable SVE parts of libyuv if not supported [Orabug: 38509157]

[128.14.0-2.0.1]
- Update to 128.14.0 [Orabug: 38400668][CVE-2025-9179][CVE-2025-9180]
[CVE-2025-9181][CVE-2025-9182][CVE-2025-9185]

[128.13.0-1.0.1]
- Update to 128.13.0 [Orabug: 38256809][CVE-2025-8027][CVE-2025-8028]
[CVE-2025-8029][CVE-2025-8030][CVE-2025-8031][CVE-2025-8032][CVE-2025-8033]
[CVE-2025-8034][CVE-2025-8035]

[128.12.0-1.0.1]
- Update to 128.12.0 [Orabug: 38141310][CVE-2025-6424][CVE-2025-6425]
[CVE-2025-6429][CVE-2025-6430]

[128.11.0-1.0.1]
- Update to 128.11.0 [Orabug: 38077559][CVE-2025-5263][CVE-2025-5264]
[CVE-2025-5266][CVE-2025-5267][CVE-2025-5268][CVE-2025-5269]

[128.10.1-1.0.1]
- Update to 128.10.1 [Orabug: 38028280][CVE-2025-4918][CVE-2025-4919]


Related CVEs


CVE-2025-14327
CVE-2026-0877
CVE-2026-0878
CVE-2026-0879
CVE-2026-0880
CVE-2026-0882
CVE-2026-0883
CVE-2026-0884
CVE-2026-0885
CVE-2026-0886
CVE-2026-0887
CVE-2026-0890
CVE-2026-0891

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (x86_64) firefox-140.7.0-1.0.1.el7_9.src.rpm76d1ab4b4a015982a63be2d702cefef0832620baac4882eff67cf5113afd5609-ol7_x86_64_latest_ELS
firefox-140.7.0-1.0.1.el7_9.x86_64.rpmca8d3f221e7513dced17f21e8642430af7a8f4a7a050c548e25a2908177137aa-ol7_x86_64_latest_ELS



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights