RHSA-2017:0459 - Security Advisory

Issued: 2017-03-08
Updated: 2017-03-08


Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical


Topic

An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.8.0 ESR.

Security Fix(es):

  • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 1429778 - CVE-2017-5400 Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)
  • BZ - 1429779 - CVE-2017-5401 Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)
  • BZ - 1429780 - CVE-2017-5402 Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)
  • BZ - 1429781 - CVE-2017-5404 Mozilla: Use-after-free working with ranges in selections (MFSA 2017-06)
  • BZ - 1429782 - CVE-2017-5407 Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)
  • BZ - 1429783 - CVE-2017-5410 Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)
  • BZ - 1429784 - CVE-2017-5408 Mozilla: Cross-origin reading of video captions in violation of CORS (MFSA 2017-06)
  • BZ - 1429785 - CVE-2017-5405 Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
  • BZ - 1429786 - CVE-2017-5398 Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)

CVEs

  • CVE-2017-5398
  • CVE-2017-5400
  • CVE-2017-5401
  • CVE-2017-5402
  • CVE-2017-5404
  • CVE-2017-5405
  • CVE-2017-5407
  • CVE-2017-5408
  • CVE-2017-5410

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://www.mozilla.org/en-US/security/advisories/mfsa2017-06
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
x86_64
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-45.8.0-2.el6_8.x86_64.rpm SHA-256: ffd56b0dc0d19d7a4addd39bee5af59d9d6100117af47a8483c8d3da5d228b39
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe
firefox-debuginfo-45.8.0-2.el6_8.x86_64.rpm SHA-256: f06441b4d9d760f716c50193167c598a115087b9e892a7038d50189b2c790087
i386
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe

Red Hat Enterprise Linux Server 5

SRPM
firefox-45.8.0-2.el5_11.src.rpm SHA-256: a1aeebbc3cb1b2c3846f9229323c02951549c85dd84be705156c30ece98b3cae
x86_64
firefox-45.8.0-2.el5_11.i386.rpm SHA-256: 5c237b8fff07f14a3de110a08496d8463b8acfc98365464857bdf490aafb1e53
firefox-45.8.0-2.el5_11.x86_64.rpm SHA-256: 8fd6c8ffa81b699f42da7212b6dca0e3ebdec8de90db57a590362fb575cd3242
firefox-debuginfo-45.8.0-2.el5_11.i386.rpm SHA-256: 17741fb5c0f97c2424c5ee7e5d02c0253dcd174a58e76e35ea0c2a24d8ee6775
firefox-debuginfo-45.8.0-2.el5_11.x86_64.rpm SHA-256: a7023aa39a5569afc51861b7083ef0a5e92086026def46a2aa47c32ca621bc64
i386
firefox-45.8.0-2.el5_11.i386.rpm SHA-256: 5c237b8fff07f14a3de110a08496d8463b8acfc98365464857bdf490aafb1e53
firefox-debuginfo-45.8.0-2.el5_11.i386.rpm SHA-256: 17741fb5c0f97c2424c5ee7e5d02c0253dcd174a58e76e35ea0c2a24d8ee6775

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
x86_64
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-45.8.0-2.el6_8.x86_64.rpm SHA-256: ffd56b0dc0d19d7a4addd39bee5af59d9d6100117af47a8483c8d3da5d228b39
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe
firefox-debuginfo-45.8.0-2.el6_8.x86_64.rpm SHA-256: f06441b4d9d760f716c50193167c598a115087b9e892a7038d50189b2c790087
i386
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe

Red Hat Enterprise Linux Workstation 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
x86_64
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-45.8.0-2.el6_8.x86_64.rpm SHA-256: ffd56b0dc0d19d7a4addd39bee5af59d9d6100117af47a8483c8d3da5d228b39
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe
firefox-debuginfo-45.8.0-2.el6_8.x86_64.rpm SHA-256: f06441b4d9d760f716c50193167c598a115087b9e892a7038d50189b2c790087
i386
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe

Red Hat Enterprise Linux Workstation 5

SRPM
firefox-45.8.0-2.el5_11.src.rpm SHA-256: a1aeebbc3cb1b2c3846f9229323c02951549c85dd84be705156c30ece98b3cae
x86_64
firefox-45.8.0-2.el5_11.i386.rpm SHA-256: 5c237b8fff07f14a3de110a08496d8463b8acfc98365464857bdf490aafb1e53
firefox-45.8.0-2.el5_11.x86_64.rpm SHA-256: 8fd6c8ffa81b699f42da7212b6dca0e3ebdec8de90db57a590362fb575cd3242
firefox-debuginfo-45.8.0-2.el5_11.i386.rpm SHA-256: 17741fb5c0f97c2424c5ee7e5d02c0253dcd174a58e76e35ea0c2a24d8ee6775
firefox-debuginfo-45.8.0-2.el5_11.x86_64.rpm SHA-256: a7023aa39a5569afc51861b7083ef0a5e92086026def46a2aa47c32ca621bc64
i386
firefox-45.8.0-2.el5_11.i386.rpm SHA-256: 5c237b8fff07f14a3de110a08496d8463b8acfc98365464857bdf490aafb1e53
firefox-debuginfo-45.8.0-2.el5_11.i386.rpm SHA-256: 17741fb5c0f97c2424c5ee7e5d02c0253dcd174a58e76e35ea0c2a24d8ee6775

Red Hat Enterprise Linux Desktop 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
x86_64
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-45.8.0-2.el6_8.x86_64.rpm SHA-256: ffd56b0dc0d19d7a4addd39bee5af59d9d6100117af47a8483c8d3da5d228b39
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe
firefox-debuginfo-45.8.0-2.el6_8.x86_64.rpm SHA-256: f06441b4d9d760f716c50193167c598a115087b9e892a7038d50189b2c790087
i386
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe

Red Hat Enterprise Linux Desktop 5

SRPM
firefox-45.8.0-2.el5_11.src.rpm SHA-256: a1aeebbc3cb1b2c3846f9229323c02951549c85dd84be705156c30ece98b3cae
x86_64
firefox-45.8.0-2.el5_11.i386.rpm SHA-256: 5c237b8fff07f14a3de110a08496d8463b8acfc98365464857bdf490aafb1e53
firefox-45.8.0-2.el5_11.x86_64.rpm SHA-256: 8fd6c8ffa81b699f42da7212b6dca0e3ebdec8de90db57a590362fb575cd3242
firefox-debuginfo-45.8.0-2.el5_11.i386.rpm SHA-256: 17741fb5c0f97c2424c5ee7e5d02c0253dcd174a58e76e35ea0c2a24d8ee6775
firefox-debuginfo-45.8.0-2.el5_11.x86_64.rpm SHA-256: a7023aa39a5569afc51861b7083ef0a5e92086026def46a2aa47c32ca621bc64
i386
firefox-45.8.0-2.el5_11.i386.rpm SHA-256: 5c237b8fff07f14a3de110a08496d8463b8acfc98365464857bdf490aafb1e53
firefox-debuginfo-45.8.0-2.el5_11.i386.rpm SHA-256: 17741fb5c0f97c2424c5ee7e5d02c0253dcd174a58e76e35ea0c2a24d8ee6775

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
s390x
firefox-45.8.0-2.el6_8.s390.rpm SHA-256: 0f1e7867622dec0108280510acb355749ee6a705a150a3e3890c464a3bcffeed
firefox-45.8.0-2.el6_8.s390x.rpm SHA-256: cc5bc22fd49635ded4336d727f1da162c63f417991129512b890fac8e6282ed3
firefox-debuginfo-45.8.0-2.el6_8.s390.rpm SHA-256: 4fea068893d709668bdaa6b2177819d6a6c719322e7b66d6fe58d4e1e8a1e95f
firefox-debuginfo-45.8.0-2.el6_8.s390x.rpm SHA-256: b74921fdf6171b926b7c35149b9a806d219581769ab90043628463b1db6c9d90

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
firefox-45.8.0-2.el5_11.src.rpm SHA-256: a1aeebbc3cb1b2c3846f9229323c02951549c85dd84be705156c30ece98b3cae
s390x
firefox-45.8.0-2.el5_11.s390.rpm SHA-256: d46e814a803d2969c2682df24ec9f1be9400a94c5328c2932b04ea14f465e6ff
firefox-45.8.0-2.el5_11.s390x.rpm SHA-256: c9534c96d5ae9cc5476acaf8af9eec2a4431c76241bf6418a1d04d7ac1a2f876
firefox-debuginfo-45.8.0-2.el5_11.s390.rpm SHA-256: e64cfa9d55eae14db9b58a4b9795f9d6a83096b16217ee20793c68cb03ed7232
firefox-debuginfo-45.8.0-2.el5_11.s390x.rpm SHA-256: 69a27454fd9684e60a18d67b5ddb7fd7a3bb2cae194fe7336284c1bae2871fac

Red Hat Enterprise Linux for Power, big endian 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
ppc64
firefox-45.8.0-2.el6_8.ppc.rpm SHA-256: 7dbec426df1bdb1af4de0f9c2c75e474977c6c5362745ff558ac38f337c37ce0
firefox-45.8.0-2.el6_8.ppc64.rpm SHA-256: 2fda34bbb52d620b61c901fb6e6a3f575102f8160088d4a3facc4c9cd75a7887
firefox-debuginfo-45.8.0-2.el6_8.ppc.rpm SHA-256: eb8b25256c5a8f288b2f8db856a38ca74985e803df4b7fb37a0b623f792abb95
firefox-debuginfo-45.8.0-2.el6_8.ppc64.rpm SHA-256: 854bfead77e602d3c838756ec9e111b7e98d04ede44f6beee44f9bb447c3082f

Red Hat Enterprise Linux for Power, big endian 5

SRPM
firefox-45.8.0-2.el5_11.src.rpm SHA-256: a1aeebbc3cb1b2c3846f9229323c02951549c85dd84be705156c30ece98b3cae
ppc
firefox-45.8.0-2.el5_11.ppc64.rpm SHA-256: 46f5dd55cd441d8fc715d7dbc61816605582e1f9c69c4ceba858c6e12dd7f8da
firefox-debuginfo-45.8.0-2.el5_11.ppc64.rpm SHA-256: 70871647e63b8fe1481c818ab891388c8ef3c0470f2d43303153199ace83a4ad

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
x86_64
firefox-45.8.0-2.el6_8.i686.rpm SHA-256: f1358584ceef6eee42abd6258ddfdc0227f8c72ea736d8ace2a09af97bf6cbb4
firefox-45.8.0-2.el6_8.x86_64.rpm SHA-256: ffd56b0dc0d19d7a4addd39bee5af59d9d6100117af47a8483c8d3da5d228b39
firefox-debuginfo-45.8.0-2.el6_8.i686.rpm SHA-256: 174180d006b44855218615acde3a5493707971bec6462af085442ca8119c5ebe
firefox-debuginfo-45.8.0-2.el6_8.x86_64.rpm SHA-256: f06441b4d9d760f716c50193167c598a115087b9e892a7038d50189b2c790087

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
firefox-45.8.0-2.el6_8.src.rpm SHA-256: 62e14c1de5da3b700357f1220416f0a1d4b4a7747fa3eddf1c78e75668c0e83d
s390x
firefox-45.8.0-2.el6_8.s390.rpm SHA-256: 0f1e7867622dec0108280510acb355749ee6a705a150a3e3890c464a3bcffeed
firefox-45.8.0-2.el6_8.s390x.rpm SHA-256: cc5bc22fd49635ded4336d727f1da162c63f417991129512b890fac8e6282ed3
firefox-debuginfo-45.8.0-2.el6_8.s390.rpm SHA-256: 4fea068893d709668bdaa6b2177819d6a6c719322e7b66d6fe58d4e1e8a1e95f
firefox-debuginfo-45.8.0-2.el6_8.s390x.rpm SHA-256: b74921fdf6171b926b7c35149b9a806d219581769ab90043628463b1db6c9d90

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
