Red Hat Product Errata RHSA-2024:0622 - Security Advisory
Issued:
2024-01-30
Updated:
2024-01-30

RHSA-2024:0622 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.7.0 ESR.

Security Fix(es):

  • Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
  • Mozilla: Failure to update user input timestamp (CVE-2024-0742)
  • Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
  • Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
  • Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
  • Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
  • Mozilla: Privilege escalation through devtools (CVE-2024-0751)
  • Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
  • Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2259926 - CVE-2024-0741 Mozilla: Out of bounds write in ANGLE
  • BZ - 2259927 - CVE-2024-0742 Mozilla: Failure to update user input timestamp
  • BZ - 2259928 - CVE-2024-0746 Mozilla: Crash when listing printers on Linux
  • BZ - 2259929 - CVE-2024-0747 Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
  • BZ - 2259930 - CVE-2024-0749 Mozilla: Phishing site popup could show local origin in address bar
  • BZ - 2259931 - CVE-2024-0750 Mozilla: Potential permissions request bypass via clickjacking
  • BZ - 2259932 - CVE-2024-0751 Mozilla: Privilege escalation through devtools
  • BZ - 2259933 - CVE-2024-0753 Mozilla: HSTS policy on subdomain could bypass policy of upper domain
  • BZ - 2259934 - CVE-2024-0755 Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
x86_64
firefox-115.7.0-1.el8_6.x86_64.rpm SHA-256: 48ea366c92c3dd0f8120eea409424715aec58049426d864ff1979e2588d7ba66
firefox-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 7e233be6e805f37731b3dafcadee16c9182b7cce75e09349d8af5151092bd449
firefox-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 4b641490b6adac9284adabc7c3eaade7dcdd9a183df00a5588bf825da7531660

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
x86_64
firefox-115.7.0-1.el8_6.x86_64.rpm SHA-256: 48ea366c92c3dd0f8120eea409424715aec58049426d864ff1979e2588d7ba66
firefox-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 7e233be6e805f37731b3dafcadee16c9182b7cce75e09349d8af5151092bd449
firefox-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 4b641490b6adac9284adabc7c3eaade7dcdd9a183df00a5588bf825da7531660

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
s390x
firefox-115.7.0-1.el8_6.s390x.rpm SHA-256: edc6dada4e594d8ec76733d9797dde69405c39cb9c1ed8fc160743299ed7a22e
firefox-debuginfo-115.7.0-1.el8_6.s390x.rpm SHA-256: 9298c3db3714a0b126eb08e69780f8b8d785f6f85dd17ccf789562f3fc2c055d
firefox-debugsource-115.7.0-1.el8_6.s390x.rpm SHA-256: fae4492ecf8006ba5e3000e23edf5a84a6e61bb742a2ff47776b249af1998012

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
ppc64le
firefox-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 4cdc85903ce1ef7507598a7fdf1ad27552a90256d5aaf7d86c0bc8c8615c0a4c
firefox-debuginfo-115.7.0-1.el8_6.ppc64le.rpm SHA-256: a7e722271ef04f7c4a0d3bdab471024b93876c9a31244b4f376bff392d11d1f8
firefox-debugsource-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 6041ebbd98eb1fe49eb0bfbe5357c4a8353e59e65f29c8b188377a2ad7838193

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
x86_64
firefox-115.7.0-1.el8_6.x86_64.rpm SHA-256: 48ea366c92c3dd0f8120eea409424715aec58049426d864ff1979e2588d7ba66
firefox-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 7e233be6e805f37731b3dafcadee16c9182b7cce75e09349d8af5151092bd449
firefox-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 4b641490b6adac9284adabc7c3eaade7dcdd9a183df00a5588bf825da7531660

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
aarch64
firefox-115.7.0-1.el8_6.aarch64.rpm SHA-256: 0259837c158b01e81e1681aec084936b0b89a7c33125153efc2758e267ab0538
firefox-debuginfo-115.7.0-1.el8_6.aarch64.rpm SHA-256: 5432aa0e3af003f804f814895e327c9f761c2ba9a518b2ef1c78909b35274b1b
firefox-debugsource-115.7.0-1.el8_6.aarch64.rpm SHA-256: 1be99d2043a6440b57b6f6cb1f7128f64fa027997b67eb9b7a5af21808607445

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
ppc64le
firefox-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 4cdc85903ce1ef7507598a7fdf1ad27552a90256d5aaf7d86c0bc8c8615c0a4c
firefox-debuginfo-115.7.0-1.el8_6.ppc64le.rpm SHA-256: a7e722271ef04f7c4a0d3bdab471024b93876c9a31244b4f376bff392d11d1f8
firefox-debugsource-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 6041ebbd98eb1fe49eb0bfbe5357c4a8353e59e65f29c8b188377a2ad7838193

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
firefox-115.7.0-1.el8_6.src.rpm SHA-256: a57976ae70d0531d8c05d39e7fb7a6e81dc17bea253dab5070beec559e749036
x86_64
firefox-115.7.0-1.el8_6.x86_64.rpm SHA-256: 48ea366c92c3dd0f8120eea409424715aec58049426d864ff1979e2588d7ba66
firefox-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 7e233be6e805f37731b3dafcadee16c9182b7cce75e09349d8af5151092bd449
firefox-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 4b641490b6adac9284adabc7c3eaade7dcdd9a183df00a5588bf825da7531660

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.