MozillaFirefox (SUSE:Linux Enterprise Server for SAP Applications 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 15 SP6 package MozillaFirefox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (121)
CVE-2026-2768 — CVSS 10.0 (critical): Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2778 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox…
CVE-2026-2776 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in…
CVE-2026-4688 — CVSS 10.0 (critical): Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR…
CVE-2026-4689 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149…
CVE-2026-2761 — CVSS 10.0 (critical): Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2760 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148…
CVE-2026-4692 — CVSS 10.0 (critical): Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9…
CVE-2026-2791 — CVSS 9.8 (critical): Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2793 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these…
CVE-2026-5734 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs…
CVE-2026-0884 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and…
CVE-2026-4691 — CVSS 9.8 (critical): Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR…
CVE-2026-4721 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these…
CVE-2026-4720 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence…
CVE-2026-2762 — CVSS 9.8 (critical): Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird…
CVE-2026-2763 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2764 — CVSS 9.8 (critical): JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR…
CVE-2026-2765 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2766 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148…
CVE-2026-2767 — CVSS 9.8 (critical): Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148…
CVE-2026-2770 — CVSS 9.8 (critical): Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2771 — CVSS 9.8 (critical): Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2772 — CVSS 9.8 (critical): Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2773 — CVSS 9.8 (critical): Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR…
CVE-2026-2774 — CVSS 9.8 (critical): Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2775 — CVSS 9.8 (critical): Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2777 — CVSS 9.8 (critical): Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2779 — CVSS 9.8 (critical): Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird…
CVE-2026-2780 — CVSS 9.8 (critical): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2781 — CVSS 9.8 (critical): Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148…
CVE-2026-2782 — CVSS 9.8 (critical): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2784 — CVSS 9.8 (critical): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2785 — CVSS 9.8 (critical): Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2786 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2787 — CVSS 9.8 (critical): Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR…
CVE-2026-2788 — CVSS 9.8 (critical): Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox…
CVE-2026-2789 — CVSS 9.8 (critical): Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2790 — CVSS 9.8 (critical): Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird…
CVE-2026-2792 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence…
CVE-2026-4717 — CVSS 9.8 (critical): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4711 — CVSS 9.8 (critical): Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4710 — CVSS 9.8 (critical): Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird…
CVE-2026-4705 — CVSS 9.8 (critical): Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4702 — CVSS 9.8 (critical): JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-0879 — CVSS 9.8 (critical): Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR…
CVE-2026-4701 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4700 — CVSS 9.8 (critical): Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4698 — CVSS 9.8 (critical): JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR…
CVE-2026-4696 — CVSS 9.8 (critical): Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9…
CVE-2026-2757 — CVSS 9.8 (critical): Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33…
CVE-2026-2758 — CVSS 9.8 (critical): Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2759 — CVSS 9.8 (critical): Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox…
CVE-2026-12296 — CVSS 9.6 (critical): Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird…
CVE-2026-12295 — CVSS 9.6 (critical): Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-12297 — CVSS 9.6 (critical): Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR…
CVE-2026-12294 — CVSS 9.6 (critical): Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-4716 — CVSS 9.1 (critical): Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149…
CVE-2026-12304 — CVSS 9.1 (critical): Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12…
CVE-2026-12315 — CVSS 9.1 (critical): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and…
CVE-2026-4715 — CVSS 9.1 (critical): Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149…
CVE-2026-0882 — CVSS 8.8 (high): Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147…
CVE-2026-12289 — CVSS 8.8 (high): Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR…
CVE-2026-0880 — CVSS 8.8 (high): Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox…
CVE-2026-5732 — CVSS 8.8 (high): Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox…
CVE-2026-2769 — CVSS 8.8 (high): Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-12291 — CVSS 8.8 (high): Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-2447 — CVSS 8.8 (high): Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird…
CVE-2026-4690 — CVSS 8.6 (high): Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149…
CVE-2026-4687 — CVSS 8.6 (high): Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR…
CVE-2026-12328 — CVSS 8.1 (high): Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of…
CVE-2026-12292 — CVSS 8.1 (high): Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152…
CVE-2026-4718 — CVSS 8.1 (high): Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-0877 — CVSS 8.1 (high): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7…
CVE-2026-12290 — CVSS 8.1 (high): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird…
CVE-2026-0891 — CVSS 8.1 (high): Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence…
CVE-2026-12327 — CVSS 8.1 (high): Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed…
CVE-2026-0878 — CVSS 8.0 (high): Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147…
CVE-2026-4709 — CVSS 7.5 (high): Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox…
CVE-2025-59375 — CVSS 7.5 (high): libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for…
CVE-2026-12305 — CVSS 7.5 (high): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-12310 — CVSS 7.5 (high): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-12312 — CVSS 7.5 (high): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-12314 — CVSS 7.5 (high): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-2783 — CVSS 7.5 (high): Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148…
CVE-2026-4684 — CVSS 7.5 (high): Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34…
CVE-2026-4685 — CVSS 7.5 (high): Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox…
CVE-2026-4686 — CVSS 7.5 (high): Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox…
CVE-2026-4693 — CVSS 7.5 (high): Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34…
CVE-2026-4694 — CVSS 7.5 (high): Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34…
CVE-2026-4695 — CVSS 7.5 (high): Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9…
CVE-2026-4697 — CVSS 7.5 (high): Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9…
CVE-2026-4699 — CVSS 7.5 (high): Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34…
CVE-2026-4704 — CVSS 7.5 (high): Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4706 — CVSS 7.5 (high): Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox…
CVE-2026-4707 — CVSS 7.5 (high): Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox…
CVE-2026-4708 — CVSS 7.5 (high): Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149…
CVE-2025-14327 — CVSS 7.5 (high): Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and…
CVE-2026-4712 — CVSS 7.5 (high): Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4713 — CVSS 7.5 (high): Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149…
CVE-2026-4714 — CVSS 7.5 (high): Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird…
CVE-2026-4719 — CVSS 7.5 (high): Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird…
CVE-2026-12324 — CVSS 7.3 (high): Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12…
CVE-2026-12325 — CVSS 6.5 (medium): Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-0885 — CVSS 6.5 (medium): Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and…
CVE-2026-12302 — CVSS 6.5 (medium): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-12309 — CVSS 6.5 (medium): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-12299 — CVSS 5.4 (medium): JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-0890 — CVSS 5.4 (medium): Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7…
CVE-2026-12330 — CVSS 5.4 (medium): Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR…
CVE-2026-12298 — CVSS 5.4 (medium): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-0886 — CVSS 5.3 (medium): Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR…
CVE-2026-12308 — CVSS 5.3 (medium): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-0883 — CVSS 5.3 (medium): Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and…
CVE-2026-12329 — CVSS 5.3 (medium): Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.
CVE-2026-12306 — CVSS 5.3 (medium): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-12307 — CVSS 5.3 (medium): Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird…
CVE-2026-12313 — CVSS 4.7 (medium): Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox…
CVE-2026-12311 — CVSS 4.7 (medium): Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox…
CVE-2026-0887 — CVSS 4.3 (medium): Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7…