Amazon Linux 2023 Security Advisory: ALAS2023-2026-1621
Advisory Released Date: 2026-04-30
Advisory Updated Date: 2026-04-30
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 115.34.1, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1. (CVE-2026-5731)
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1. (CVE-2026-5732)
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1. (CVE-2026-5734)
Affected Packages:
firefox
Issue Correction:
Run dnf update firefox --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1621 --releasever 2023.11.20260427 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
firefox-debuginfo-140.9.1-1.amzn2023.0.1.aarch64
firefox-140.9.1-1.amzn2023.0.1.aarch64
firefox-debugsource-140.9.1-1.amzn2023.0.1.aarch64
src:
firefox-140.9.1-1.amzn2023.0.1.src
x86_64:
firefox-debuginfo-140.9.1-1.amzn2023.0.1.x86_64
firefox-140.9.1-1.amzn2023.0.1.x86_64
firefox-debugsource-140.9.1-1.amzn2023.0.1.x86_64