Red Hat Product Errata RHSA-2018:2884 - Security Advisory

Issued:: 2018-10-08
Updated:: 2018-10-08

RHSA-2018:2884 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.2.2 ESR.

Security Fix(es):

Mozilla: type confusion in JavaScript (CVE-2018-12386)
Mozilla: stack out-of-bounds read in Array.prototype.push (CVE-2018-12387)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. The upstream acknowledges Niklas Baumstark, Samuel Groß, and Bruno Keith as the original reporters, via Beyond Security's SecuriTeam Secure Disclosure program.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1635451 - CVE-2018-12386 Mozilla: type confusion in JavaScript
BZ - 1635452 - CVE-2018-12387 Mozilla: stack out-of-bounds read in Array.prototype.push

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux Server - Extended Update Support 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux Server - Extended Update Support 7.5

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux Workstation 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux Desktop 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
s390x
firefox-60.2.2-1.el7_5.s390x.rpm	SHA-256: 619e5df17b1675e07b75a69e79d14a6e50277fc7da18ba1aa2a179cc73cbcb3e
firefox-debuginfo-60.2.2-1.el7_5.s390x.rpm	SHA-256: 6a00dd9d7b409d98af16c1d35ceaf0a06b7dc4b5c4dec2c6256c302c7abe3024

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
s390x
firefox-60.2.2-1.el7_5.s390x.rpm	SHA-256: 619e5df17b1675e07b75a69e79d14a6e50277fc7da18ba1aa2a179cc73cbcb3e
firefox-debuginfo-60.2.2-1.el7_5.s390x.rpm	SHA-256: 6a00dd9d7b409d98af16c1d35ceaf0a06b7dc4b5c4dec2c6256c302c7abe3024

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
s390x
firefox-60.2.2-1.el7_5.s390x.rpm	SHA-256: 619e5df17b1675e07b75a69e79d14a6e50277fc7da18ba1aa2a179cc73cbcb3e
firefox-debuginfo-60.2.2-1.el7_5.s390x.rpm	SHA-256: 6a00dd9d7b409d98af16c1d35ceaf0a06b7dc4b5c4dec2c6256c302c7abe3024

Red Hat Enterprise Linux for Power, big endian 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64
firefox-60.2.2-1.el7_5.ppc64.rpm	SHA-256: 189af75790bb1ebfa42f4d8360f89f19914e134c2b2580f9c82f800f1a1056b6
firefox-debuginfo-60.2.2-1.el7_5.ppc64.rpm	SHA-256: e04f92605414bd283b1a99ca292019037ff5e28be6054f6c9758577ab3a16c46

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64
firefox-60.2.2-1.el7_5.ppc64.rpm	SHA-256: 189af75790bb1ebfa42f4d8360f89f19914e134c2b2580f9c82f800f1a1056b6
firefox-debuginfo-60.2.2-1.el7_5.ppc64.rpm	SHA-256: e04f92605414bd283b1a99ca292019037ff5e28be6054f6c9758577ab3a16c46

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64
firefox-60.2.2-1.el7_5.ppc64.rpm	SHA-256: 189af75790bb1ebfa42f4d8360f89f19914e134c2b2580f9c82f800f1a1056b6
firefox-debuginfo-60.2.2-1.el7_5.ppc64.rpm	SHA-256: e04f92605414bd283b1a99ca292019037ff5e28be6054f6c9758577ab3a16c46

Red Hat Enterprise Linux for Power, little endian 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64le
firefox-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: 2af20380e4165f7912849c8b69a66b512a80b8c900e798f60ce507ab3540f096
firefox-debuginfo-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: a638372ba436f4c4565bda30a0634a00f203e229a39ac049bbbb093441c9a9d7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64le
firefox-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: 2af20380e4165f7912849c8b69a66b512a80b8c900e798f60ce507ab3540f096
firefox-debuginfo-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: a638372ba436f4c4565bda30a0634a00f203e229a39ac049bbbb093441c9a9d7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64le
firefox-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: 2af20380e4165f7912849c8b69a66b512a80b8c900e798f60ce507ab3540f096
firefox-debuginfo-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: a638372ba436f4c4565bda30a0634a00f203e229a39ac049bbbb093441c9a9d7

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux for ARM 64 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
aarch64
firefox-60.2.2-1.el7_5.aarch64.rpm	SHA-256: a09d30ca42f53833ad254228260bc41de3c1247c38d9a1f49dd64973963ade4b
firefox-debuginfo-60.2.2-1.el7_5.aarch64.rpm	SHA-256: abb46f35206eae69cffdd950a98e19b32ffddc52810fedc0c7a58d8e9151ecb3

Red Hat Enterprise Linux for Power 9 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64le
firefox-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: 2af20380e4165f7912849c8b69a66b512a80b8c900e798f60ce507ab3540f096
firefox-debuginfo-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: a638372ba436f4c4565bda30a0634a00f203e229a39ac049bbbb093441c9a9d7

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
ppc64le
firefox-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: 2af20380e4165f7912849c8b69a66b512a80b8c900e798f60ce507ab3540f096
firefox-debuginfo-60.2.2-1.el7_5.ppc64le.rpm	SHA-256: a638372ba436f4c4565bda30a0634a00f203e229a39ac049bbbb093441c9a9d7

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
x86_64
firefox-60.2.2-1.el7_5.i686.rpm	SHA-256: 345610c95c679c3732df15e22cabe3567af259354f3b74efec9ece3b21a50892
firefox-60.2.2-1.el7_5.x86_64.rpm	SHA-256: bb5e324ce04c0c76959980e1a35bcec14f81cfaf8b7c2eabbb877d274ba58550
firefox-debuginfo-60.2.2-1.el7_5.i686.rpm	SHA-256: ea078994a4e3c829308c059ba270a3f40c6374677af65dfce0e3d2bbd1137c71
firefox-debuginfo-60.2.2-1.el7_5.x86_64.rpm	SHA-256: 45f7b450a3a42e3461c61ff7694f1ecc1cf6d635a6f236ee8e03f2f3213e5326

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
firefox-60.2.2-1.el7_5.src.rpm	SHA-256: 53b266b9db48aafdf93e0dc6f99514aa14101725d7e3c2678eb4314a55094c78
s390x
firefox-60.2.2-1.el7_5.s390x.rpm	SHA-256: 619e5df17b1675e07b75a69e79d14a6e50277fc7da18ba1aa2a179cc73cbcb3e
firefox-debuginfo-60.2.2-1.el7_5.s390x.rpm	SHA-256: 6a00dd9d7b409d98af16c1d35ceaf0a06b7dc4b5c4dec2c6256c302c7abe3024

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.