Red Hat Product Errata RHSA-2020:3241 - Security Advisory

Issued:: 2020-07-30
Updated:: 2020-07-30

RHSA-2020:3241 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.11.0 ESR.

Security Fix(es):

chromium-browser: Use after free in ANGLE (CVE-2020-6463)
chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)
Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

Fixes

BZ - 1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
BZ - 1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
BZ - 1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker
BZ - 1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
s390x
firefox-68.11.0-1.el8_2.s390x.rpm	SHA-256: 52c8041f6f2b6c731e0d642942647c236ec4da59e63f1e89497d07974e45b368
firefox-debuginfo-68.11.0-1.el8_2.s390x.rpm	SHA-256: b400705b624a8e98dd9304e0b7471eb3650228a089670195b8ccf24214700d2d
firefox-debugsource-68.11.0-1.el8_2.s390x.rpm	SHA-256: 1643bcb21f3cec30b892ead6db1a6d8ac92f2c04d872503d3c4d41d712882c52

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
s390x
firefox-68.11.0-1.el8_2.s390x.rpm	SHA-256: 52c8041f6f2b6c731e0d642942647c236ec4da59e63f1e89497d07974e45b368
firefox-debuginfo-68.11.0-1.el8_2.s390x.rpm	SHA-256: b400705b624a8e98dd9304e0b7471eb3650228a089670195b8ccf24214700d2d
firefox-debugsource-68.11.0-1.el8_2.s390x.rpm	SHA-256: 1643bcb21f3cec30b892ead6db1a6d8ac92f2c04d872503d3c4d41d712882c52

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
s390x
firefox-68.11.0-1.el8_2.s390x.rpm	SHA-256: 52c8041f6f2b6c731e0d642942647c236ec4da59e63f1e89497d07974e45b368
firefox-debuginfo-68.11.0-1.el8_2.s390x.rpm	SHA-256: b400705b624a8e98dd9304e0b7471eb3650228a089670195b8ccf24214700d2d
firefox-debugsource-68.11.0-1.el8_2.s390x.rpm	SHA-256: 1643bcb21f3cec30b892ead6db1a6d8ac92f2c04d872503d3c4d41d712882c52

Red Hat Enterprise Linux for Power, little endian 8

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
ppc64le
firefox-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 16e4ec0bd9dffdc124e6e7f71bce13dbf62b2c433409f6eb666eb68e7bcf9835
firefox-debuginfo-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 13fdfcce4718077eac43fb42f03d0df4bfa218e1c14bdeec56ac20ac005eaf0b
firefox-debugsource-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 2c29b07821500588ddd5430d26f81b6159dc1027c1e0ce6f7e991a2aadc868cd

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
ppc64le
firefox-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 16e4ec0bd9dffdc124e6e7f71bce13dbf62b2c433409f6eb666eb68e7bcf9835
firefox-debuginfo-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 13fdfcce4718077eac43fb42f03d0df4bfa218e1c14bdeec56ac20ac005eaf0b
firefox-debugsource-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 2c29b07821500588ddd5430d26f81b6159dc1027c1e0ce6f7e991a2aadc868cd

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
ppc64le
firefox-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 16e4ec0bd9dffdc124e6e7f71bce13dbf62b2c433409f6eb666eb68e7bcf9835
firefox-debuginfo-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 13fdfcce4718077eac43fb42f03d0df4bfa218e1c14bdeec56ac20ac005eaf0b
firefox-debugsource-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 2c29b07821500588ddd5430d26f81b6159dc1027c1e0ce6f7e991a2aadc868cd

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux for ARM 64 8

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
aarch64
firefox-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 8a35d515bf1b0214c449762946118b26741e811a23d9b74e53810494dc19ff78
firefox-debuginfo-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 3c4031a40c176dbb584a667ff7c521e1366e3ac7fa18bf9fbfc219d92d57c479
firefox-debugsource-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 0731d3c5042c1702f9b19253d4f0ad9a2fc5e44b8b5e44d1500525b452fa97e8

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
aarch64
firefox-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 8a35d515bf1b0214c449762946118b26741e811a23d9b74e53810494dc19ff78
firefox-debuginfo-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 3c4031a40c176dbb584a667ff7c521e1366e3ac7fa18bf9fbfc219d92d57c479
firefox-debugsource-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 0731d3c5042c1702f9b19253d4f0ad9a2fc5e44b8b5e44d1500525b452fa97e8

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
aarch64
firefox-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 8a35d515bf1b0214c449762946118b26741e811a23d9b74e53810494dc19ff78
firefox-debuginfo-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 3c4031a40c176dbb584a667ff7c521e1366e3ac7fa18bf9fbfc219d92d57c479
firefox-debugsource-68.11.0-1.el8_2.aarch64.rpm	SHA-256: 0731d3c5042c1702f9b19253d4f0ad9a2fc5e44b8b5e44d1500525b452fa97e8

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
ppc64le
firefox-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 16e4ec0bd9dffdc124e6e7f71bce13dbf62b2c433409f6eb666eb68e7bcf9835
firefox-debuginfo-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 13fdfcce4718077eac43fb42f03d0df4bfa218e1c14bdeec56ac20ac005eaf0b
firefox-debugsource-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 2c29b07821500588ddd5430d26f81b6159dc1027c1e0ce6f7e991a2aadc868cd

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
ppc64le
firefox-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 16e4ec0bd9dffdc124e6e7f71bce13dbf62b2c433409f6eb666eb68e7bcf9835
firefox-debuginfo-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 13fdfcce4718077eac43fb42f03d0df4bfa218e1c14bdeec56ac20ac005eaf0b
firefox-debugsource-68.11.0-1.el8_2.ppc64le.rpm	SHA-256: 2c29b07821500588ddd5430d26f81b6159dc1027c1e0ce6f7e991a2aadc868cd

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2

SRPM
firefox-68.11.0-1.el8_2.src.rpm	SHA-256: e1ced620d3a38a79344cf6bcd8444c737c47e47d7f16c999e8ba05a70fdc8276
x86_64
firefox-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 385d49043d17af6b295ad00e41b19b447509470b99b610a5cb9de4ed8b03e507
firefox-debuginfo-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 49bea09424306a3451fdd2392f12b10b1db35eba55231e3e9de9b7dc8954e00f
firefox-debugsource-68.11.0-1.el8_2.x86_64.rpm	SHA-256: 538c1b7931e8400de3339b14fc80b0bad855bd7782d12dc289416896dc69a1fa

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.