Mozilla Firefox, libpng, and Mozilla Thunderbird security updates are available for Slackware 15.0 and -current to fix security issues. The updates contain patches for security vulnerabilities, including heap buffer over-reads and integer truncation errors. Users can find the new packages on the OSU Open Source Lab's FTP site or by visiting additional mirror sites listed on the Slackware website.

mozilla-firefox (SSA:2026-014-02)
libpng (SSA:2026-014-01)
mozilla-thunderbird (SSA:2026-014-03)

mozilla-firefox (SSA:2026-014-02)

mozilla-firefox (SSA:2026-014-02)

New mozilla-firefox packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-140.7.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/140.7.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2026-03/
https://www.cve.org/CVERecord?id=CVE-2026-0877
https://www.cve.org/CVERecord?id=CVE-2026-0878
https://www.cve.org/CVERecord?id=CVE-2026-0879
https://www.cve.org/CVERecord?id=CVE-2026-0880
https://www.cve.org/CVERecord?id=CVE-2026-0882
https://www.cve.org/CVERecord?id=CVE-2025-14327
https://www.cve.org/CVERecord?id=CVE-2026-0883
https://www.cve.org/CVERecord?id=CVE-2026-0884
https://www.cve.org/CVERecord?id=CVE-2026-0885
https://www.cve.org/CVERecord?id=CVE-2026-0886
https://www.cve.org/CVERecord?id=CVE-2026-0887
https://www.cve.org/CVERecord?id=CVE-2026-0890
https://www.cve.org/CVERecord?id=CVE-2026-0891
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-140.7.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-140.7.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-140.7.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-140.7.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
bebac90dca6ba78360c9255f109ed01b mozilla-firefox-140.7.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
7d403423630d2474d08dab959b379c69 mozilla-firefox-140.7.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
f104a3d0232fe3a6fe0241534b6af840 xap/mozilla-firefox-140.7.0esr-i686-1.txz

Slackware x86_64 -current package:
ad445417b8d7fb408f4b9badc8b39044 xap/mozilla-firefox-140.7.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-140.7.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

libpng (SSA:2026-014-01)

libpng (SSA:2026-014-01)

New libpng packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libpng-1.6.54-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Heap buffer over-read in the libpng simplified API function
png_image_finish_read() when processing interlaced 16-bit PNGs with 8-bit
output format and non-minimal row stride.
Integer truncation in the libpng simplified write API functions
png_write_image_16bit() and png_write_image_8bit() causes heap buffer
over-read when the caller provides a negative row stride (for bottom-up
image layouts) or a stride exceeding 65535 bytes.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-22695
https://www.cve.org/CVERecord?id=CVE-2026-22801
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libpng-1.6.54-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libpng-1.6.54-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.54-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.54-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
19a8814a62c441d9fca8f8fe740de783 libpng-1.6.54-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
0edc1119768449104dab38a6044bd777 libpng-1.6.54-x86_64-1_slack15.0.txz

Slackware -current package:
0b6f7b32f0c861a45d5adfaad5b14899 l/libpng-1.6.54-i686-1.txz

Slackware x86_64 -current package:
e8ffbb237f4e419652de899d0d43803c l/libpng-1.6.54-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libpng-1.6.54-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

mozilla-thunderbird (SSA:2026-014-03)

mozilla-thunderbird (SSA:2026-014-03)

New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-140.7.0esr-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/140.7.0esr/releasenotes/
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.7.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.7.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.7.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.7.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
f6bc75489a91b382ef7f4c5d417c6f2d mozilla-thunderbird-140.7.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
e494893f4296330f8691b8c792ccc5fa mozilla-thunderbird-140.7.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
16f94df2009cedca13423aac12ec18f8 xap/mozilla-thunderbird-140.7.0esr-i686-1.txz

Slackware x86_64 -current package:
9359f839888cb7a3507a2b289a677aba xap/mozilla-thunderbird-140.7.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-140.7.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key