Red Hat Product Errata RHSA-2019:0219 - Security Advisory
Issued:
2019-01-30
Updated:
2019-01-30

RHSA-2019:0219 - Security Advisory

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.5.0 ESR.

Security Fix(es):

  • Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)
  • Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501)
  • Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1670631 - CVE-2018-18500 Mozilla: Use-after-free parsing HTML5 stream
  • BZ - 1670632 - CVE-2018-18501 Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
  • BZ - 1670633 - CVE-2018-18505 Mozilla: Privilege escalation through IPC channel messages

Red Hat Enterprise Linux Server 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux Workstation 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux Desktop 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
s390x
firefox-60.5.0-2.el7.s390x.rpm SHA-256: 8e71065526c99e80244439d58494c9c929a2caede67073788e295f2854145e8b
firefox-debuginfo-60.5.0-2.el7.s390x.rpm SHA-256: d508eddc55c1b6e0a439147a2530e2288c3f113f840a70c2d307605e06d5dca4

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
s390x
firefox-60.5.0-2.el7.s390x.rpm SHA-256: 8e71065526c99e80244439d58494c9c929a2caede67073788e295f2854145e8b
firefox-debuginfo-60.5.0-2.el7.s390x.rpm SHA-256: d508eddc55c1b6e0a439147a2530e2288c3f113f840a70c2d307605e06d5dca4

Red Hat Enterprise Linux for Power, big endian 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64
firefox-60.5.0-2.el7.ppc64.rpm SHA-256: 5e19e80f8101eb0945c350d9e8569a7d7b4b914adc3d21359b5cb4fc79b32a75
firefox-debuginfo-60.5.0-2.el7.ppc64.rpm SHA-256: 7b3933c7dbe276298fbc4175c136f992645e1dc07b302512a50e204eb656a8ec

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64
firefox-60.5.0-2.el7.ppc64.rpm SHA-256: 5e19e80f8101eb0945c350d9e8569a7d7b4b914adc3d21359b5cb4fc79b32a75
firefox-debuginfo-60.5.0-2.el7.ppc64.rpm SHA-256: 7b3933c7dbe276298fbc4175c136f992645e1dc07b302512a50e204eb656a8ec

Red Hat Enterprise Linux for Power, little endian 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64le
firefox-60.5.0-2.el7.ppc64le.rpm SHA-256: 0539b73f3be98d4a7f25e2a65f9e79977e866a91ee20611febe2894cfb0018d8
firefox-debuginfo-60.5.0-2.el7.ppc64le.rpm SHA-256: 0f4426cebe03bbdd57ee8aeb22f2031d4a3277058896a35d966155a440c32d7f

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64le
firefox-60.5.0-2.el7.ppc64le.rpm SHA-256: 0539b73f3be98d4a7f25e2a65f9e79977e866a91ee20611febe2894cfb0018d8
firefox-debuginfo-60.5.0-2.el7.ppc64le.rpm SHA-256: 0f4426cebe03bbdd57ee8aeb22f2031d4a3277058896a35d966155a440c32d7f

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
s390x
firefox-60.5.0-2.el7.s390x.rpm SHA-256: 8e71065526c99e80244439d58494c9c929a2caede67073788e295f2854145e8b
firefox-debuginfo-60.5.0-2.el7.s390x.rpm SHA-256: d508eddc55c1b6e0a439147a2530e2288c3f113f840a70c2d307605e06d5dca4

Red Hat Enterprise Linux for ARM 64 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
aarch64
firefox-60.5.0-2.el7.aarch64.rpm SHA-256: 83b3dabfa848313852f2c26b3003e4b203849e7d3875468c0bd53364f607efd9
firefox-debuginfo-60.5.0-2.el7.aarch64.rpm SHA-256: 64f113209b1a9a14e2af51f2ef7a0da2a1c3c593b9dd5b794ff4eaf228c32c5a

Red Hat Enterprise Linux for Power 9 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64le
firefox-60.5.0-2.el7.ppc64le.rpm SHA-256: 0539b73f3be98d4a7f25e2a65f9e79977e866a91ee20611febe2894cfb0018d8
firefox-debuginfo-60.5.0-2.el7.ppc64le.rpm SHA-256: 0f4426cebe03bbdd57ee8aeb22f2031d4a3277058896a35d966155a440c32d7f

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64le
firefox-60.5.0-2.el7.ppc64le.rpm SHA-256: 0539b73f3be98d4a7f25e2a65f9e79977e866a91ee20611febe2894cfb0018d8
firefox-debuginfo-60.5.0-2.el7.ppc64le.rpm SHA-256: 0f4426cebe03bbdd57ee8aeb22f2031d4a3277058896a35d966155a440c32d7f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
x86_64
firefox-60.5.0-2.el7.i686.rpm SHA-256: 8c0ad76189a14ba842f00f8a3624cfbdcb144f12e455cdeb326a41fc00b4f0db
firefox-60.5.0-2.el7.x86_64.rpm SHA-256: 88bf8d98c75482c0e3fea69fe8c5e5693aac5c103b546abfa775cdffa6af6085
firefox-debuginfo-60.5.0-2.el7.i686.rpm SHA-256: 949af0576d137d8adc8b2f684da9009169e63ca67c729af790514bd647f02384
firefox-debuginfo-60.5.0-2.el7.x86_64.rpm SHA-256: 1ecce951ae1b6948c83ee34c24dcc542d7b2244bc76616498dbea9667d29232a

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
s390x
firefox-60.5.0-2.el7.s390x.rpm SHA-256: 8e71065526c99e80244439d58494c9c929a2caede67073788e295f2854145e8b
firefox-debuginfo-60.5.0-2.el7.s390x.rpm SHA-256: d508eddc55c1b6e0a439147a2530e2288c3f113f840a70c2d307605e06d5dca4

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64
firefox-60.5.0-2.el7.ppc64.rpm SHA-256: 5e19e80f8101eb0945c350d9e8569a7d7b4b914adc3d21359b5cb4fc79b32a75
firefox-debuginfo-60.5.0-2.el7.ppc64.rpm SHA-256: 7b3933c7dbe276298fbc4175c136f992645e1dc07b302512a50e204eb656a8ec

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
firefox-60.5.0-2.el7.src.rpm SHA-256: 2f889d2372205fa755d627004414840b8c2117cf02449724eb3ef306c2db7da6
ppc64le
firefox-60.5.0-2.el7.ppc64le.rpm SHA-256: 0539b73f3be98d4a7f25e2a65f9e79977e866a91ee20611febe2894cfb0018d8
firefox-debuginfo-60.5.0-2.el7.ppc64le.rpm SHA-256: 0f4426cebe03bbdd57ee8aeb22f2031d4a3277058896a35d966155a440c32d7f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.