<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
<generator>
<oval:product_name>Oracle Errata System</oval:product_name>
<oval:product_version>Oracle Linux</oval:product_version>
<oval:schema_version>5.11</oval:schema_version>
<oval:timestamp>2026-06-30T21:45:36</oval:timestamp>
</generator>
<definitions>
<definition id="oval:com.oracle.elsa:def:202626551" version="501" class="patch">
<metadata>
<title>
ELSA-2026-26551:  firefox security update (IMPORTANT)
</title>
<affected family="unix">
<platform>Oracle Linux 7</platform>

</affected>
<reference source="elsa" ref_id="ELSA-2026-26551" ref_url="https://linux.oracle.com/errata/ELSA-2026-26551.html"/>
<reference source="CVE" ref_id="CVE-2026-8388" ref_url="https://linux.oracle.com/cve/CVE-2026-8388.html"/>
<reference source="CVE" ref_id="CVE-2026-8391" ref_url="https://linux.oracle.com/cve/CVE-2026-8391.html"/>
<reference source="CVE" ref_id="CVE-2026-8401" ref_url="https://linux.oracle.com/cve/CVE-2026-8401.html"/>
<reference source="CVE" ref_id="CVE-2026-8946" ref_url="https://linux.oracle.com/cve/CVE-2026-8946.html"/>
<reference source="CVE" ref_id="CVE-2026-8947" ref_url="https://linux.oracle.com/cve/CVE-2026-8947.html"/>
<reference source="CVE" ref_id="CVE-2026-8950" ref_url="https://linux.oracle.com/cve/CVE-2026-8950.html"/>
<reference source="CVE" ref_id="CVE-2026-8953" ref_url="https://linux.oracle.com/cve/CVE-2026-8953.html"/>
<reference source="CVE" ref_id="CVE-2026-8954" ref_url="https://linux.oracle.com/cve/CVE-2026-8954.html"/>
<reference source="CVE" ref_id="CVE-2026-8955" ref_url="https://linux.oracle.com/cve/CVE-2026-8955.html"/>
<reference source="CVE" ref_id="CVE-2026-8956" ref_url="https://linux.oracle.com/cve/CVE-2026-8956.html"/>
<reference source="CVE" ref_id="CVE-2026-8957" ref_url="https://linux.oracle.com/cve/CVE-2026-8957.html"/>
<reference source="CVE" ref_id="CVE-2026-8958" ref_url="https://linux.oracle.com/cve/CVE-2026-8958.html"/>
<reference source="CVE" ref_id="CVE-2026-8961" ref_url="https://linux.oracle.com/cve/CVE-2026-8961.html"/>
<reference source="CVE" ref_id="CVE-2026-8962" ref_url="https://linux.oracle.com/cve/CVE-2026-8962.html"/>
<reference source="CVE" ref_id="CVE-2026-8968" ref_url="https://linux.oracle.com/cve/CVE-2026-8968.html"/>
<reference source="CVE" ref_id="CVE-2026-8970" ref_url="https://linux.oracle.com/cve/CVE-2026-8970.html"/>
<reference source="CVE" ref_id="CVE-2026-8974" ref_url="https://linux.oracle.com/cve/CVE-2026-8974.html"/>
<reference source="CVE" ref_id="CVE-2026-8975" ref_url="https://linux.oracle.com/cve/CVE-2026-8975.html"/>

<description>
[140.11.0-1.0.1]
- Update to 140.11.0 ESR [Orabug: 39573358]

[140.10.2-1.0.1]
- Update to 140.10.2 ESR [Orabug: 39534787][CVE-2026-8090][CVE-2026-8092]
  [CVE-2026-8094]

[140.10.1-1.0.1]
- Update to 140.10.1 ESR [Orabug: 39481850][CVE-2026-7320][CVE-2026-7321]
  [CVE-2026-7322][CVE-2026-7323]

[140.10.0-1.0.1]
- Update to 140.10.0 ESR [Orabug: 39499844][CVE-2026-6746][CVE-2026-6747]
  [CVE-2026-6748][CVE-2026-6749][CVE-2026-6750][CVE-2026-6751][CVE-2026-6752]
  [CVE-2026-6753][CVE-2026-6754][CVE-2026-6757][CVE-2026-6759][CVE-2026-6761]
  [CVE-2026-6762][CVE-2026-6763][CVE-2026-6764][CVE-2026-6765][CVE-2026-6766]
  [CVE-2026-6767][CVE-2026-6769][CVE-2026-6770][CVE-2026-6771][CVE-2026-6772]
  [CVE-2026-6776][CVE-2026-6785][CVE-2026-6786]

[140.9.1-1.0.1]
- Update to 140.9.1 ESR [Orabug: 39324689][CVE-2026-5731][CVE-2026-5732]
  [CVE-2026-5734][CVE-2026-33416][CVE-2026-33636]

[140.9.0-1.0.1]
- Update to 140.9.0 ESR [Orabug: 39361657][CVE-2026-4684][CVE-2026-4685]
  [CVE-2026-4686][CVE-2026-4687][CVE-2026-4688][CVE-2026-4689][CVE-2026-4690]
  [CVE-2026-4691][CVE-2026-4692][CVE-2026-4693][CVE-2026-4694][CVE-2026-4695]
  [CVE-2026-4696][CVE-2026-4697][CVE-2026-4698][CVE-2026-4699][CVE-2026-4700]
  [CVE-2026-4701][CVE-2026-4702][CVE-2026-4704][CVE-2026-4705][CVE-2026-4706]
  [CVE-2026-4707][CVE-2026-4708][CVE-2026-4709][CVE-2026-4710][CVE-2026-4711]
  [CVE-2026-4712][CVE-2026-4713][CVE-2026-4714][CVE-2026-4715][CVE-2026-4716]
  [CVE-2026-4717][CVE-2026-4718][CVE-2026-4719][CVE-2026-4720][CVE-2026-4721]

[140.8.0-2.0.1]
- Update to 140.8.0 ESR [Orabug: 39361647][CVE-2026-2447][CVE-2026-2757]
  [CVE-2026-2758][CVE-2026-2759][CVE-2026-2760][CVE-2026-2761][CVE-2026-2762]
  [CVE-2026-2763][CVE-2026-2764][CVE-2026-2765][CVE-2026-2766][CVE-2026-2767]
  [CVE-2026-2768][CVE-2026-2769][CVE-2026-2770][CVE-2026-2771][CVE-2026-2772]
  [CVE-2026-2773][CVE-2026-2774][CVE-2026-2775][CVE-2026-2776][CVE-2026-2777]
  [CVE-2026-2778][CVE-2026-2779][CVE-2026-2780][CVE-2026-2781][CVE-2026-2782]
  [CVE-2026-2783][CVE-2026-2784][CVE-2026-2785][CVE-2026-2786][CVE-2026-2787]
  [CVE-2026-2788][CVE-2026-2789][CVE-2026-2790][CVE-2026-2791][CVE-2026-2792]
  [CVE-2026-2793]

[140.7.0-1.0.1]
- Update to 140.7.0 ESR [Orabug: 38940976][CVE-2025-14327][CVE-2026-0877]
  [CVE-2026-0878][CVE-2026-0879][CVE-2026-0880][CVE-2026-0882][CVE-2026-0883]
  [CVE-2026-0884][CVE-2026-0885][CVE-2026-0886][CVE-2026-0887][CVE-2026-0890]
  [CVE-2026-0891]

[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
  [CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
  [CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]

[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
  [CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
  [CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]
</description>
<!--
 ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ 
-->
<advisory>
<severity>IMPORTANT</severity>
<rights>Copyright 2026 Oracle, Inc.</rights>
<issued date="2026-06-29"/>
<cve cvss3="7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" href="https://linux.oracle.com/cve/CVE-2026-8388.html" public="20260512">CVE-2026-8388</cve>
<cve cvss3="7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" href="https://linux.oracle.com/cve/CVE-2026-8391.html" public="20260512">CVE-2026-8391</cve>
<cve cvss3="7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" href="https://linux.oracle.com/cve/CVE-2026-8401.html" public="20260512">CVE-2026-8401</cve>
<cve cvss3="7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" href="https://linux.oracle.com/cve/CVE-2026-8946.html" public="20260519">CVE-2026-8946</cve>
<cve cvss3="7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" href="https://linux.oracle.com/cve/CVE-2026-8947.html" public="20260519">CVE-2026-8947</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8950.html" public="20260519">CVE-2026-8950</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8953.html" public="20260519">CVE-2026-8953</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8954.html" public="20260519">CVE-2026-8954</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8955.html" public="20260519">CVE-2026-8955</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8956.html" public="20260519">CVE-2026-8956</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8957.html" public="20260519">CVE-2026-8957</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8958.html" public="20260519">CVE-2026-8958</cve>
<cve cvss3="3.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" href="https://linux.oracle.com/cve/CVE-2026-8961.html" public="20260519">CVE-2026-8961</cve>
<cve cvss3="3.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" href="https://linux.oracle.com/cve/CVE-2026-8962.html" public="20260519">CVE-2026-8962</cve>
<cve cvss3="3.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" href="https://linux.oracle.com/cve/CVE-2026-8968.html" public="20260519">CVE-2026-8968</cve>
<cve cvss3="3.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" href="https://linux.oracle.com/cve/CVE-2026-8970.html" public="20260519">CVE-2026-8970</cve>
<cve cvss3="6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" href="https://linux.oracle.com/cve/CVE-2026-8974.html" public="20260519">CVE-2026-8974</cve>
<cve cvss3="7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" href="https://linux.oracle.com/cve/CVE-2026-8975.html" public="20260519">CVE-2026-8975</cve>

<affected_cpe_list>
<cpe>cpe:/a:oracle:linux:7:9:latest_ELS</cpe>
</affected_cpe_list>
</advisory>
</metadata>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:202626551001" comment="Oracle Linux 7 is installed"/>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:202626551002" comment="Oracle Linux arch is x86_64"/>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:202626551003" comment="firefox is earlier than 0:140.11.0-1.0.1.el7_9"/>
<criterion test_ref="oval:com.oracle.elsa:tst:202626551004" comment="firefox is signed with the Oracle Linux 7 key"/>
</criteria>
</criteria>
</criteria>

</definition>
</definitions>
<!--
 ~~~~~~~~~~~~~~~~~~~~~   rpminfo tests   ~~~~~~~~~~~~~~~~~~~~~ 
-->
<tests>
<rpminfo_test id="oval:com.oracle.elsa:tst:202626551001"  version="501" comment="Oracle Linux 7 is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:202626551001" />
<state state_ref="oval:com.oracle.elsa:ste:202626551002" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:202626551002"  version="501" comment="Oracle Linux arch is x86_64" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:202626551001" />
<state state_ref="oval:com.oracle.elsa:ste:202626551003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:202626551003"  version="501" comment="firefox is earlier than 0:140.11.0-1.0.1.el7_9" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:202626551002" />
<state state_ref="oval:com.oracle.elsa:ste:202626551004" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:202626551004"  version="501" comment="firefox is signed with the Oracle Linux 7 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:202626551002" />
<state state_ref="oval:com.oracle.elsa:ste:202626551001" />
</rpminfo_test>

</tests>
<!--
 ~~~~~~~~~~~~~~~~~~~~   rpminfo objects   ~~~~~~~~~~~~~~~~~~~~ 
-->
<objects>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:202626551002" version="501">
<name>firefox</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:202626551001" version="501">
<name>oraclelinux-release</name>
</rpminfo_object>
</objects>
<states>
<!--
 ~~~~~~~~~~~~~~~~~~~~   rpminfo states   ~~~~~~~~~~~~~~~~~~~~~ 
-->
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:202626551001" version="501">
<signature_keyid operation="equals">72f97b74ec551f03</signature_keyid>
</rpminfo_state>
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:202626551002" version="501">
<version operation="pattern match">^7</version>
</rpminfo_state>
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:202626551003" version="501">
<arch operation="pattern match">x86_64</arch>
</rpminfo_state>
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:202626551004" version="501">
<evr datatype="evr_string" operation="less than">0:140.11.0-1.0.1.el7_9</evr>
</rpminfo_state>

</states>
</oval_definitions>
