Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.3.0 ESR.

Security Fix(es):

• Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)
  
• Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)
  
• Mozilla: Download origin spoofing via redirect (CVE-2020-15677)
  
• Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
• Red Hat Enterprise Linux Server - AUS 8.2 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.2 x86_64
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

Fixes

• BZ - 1881664 - CVE-2020-15677 Mozilla: Download origin spoofing via redirect
• BZ - 1881665 - CVE-2020-15676 Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
• BZ - 1881666 - CVE-2020-15678 Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
• BZ - 1881667 - CVE-2020-15673 Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3

CVEs

• CVE-2020-15673
• CVE-2020-15676
• CVE-2020-15677
• CVE-2020-15678

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux for x86_64 8

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
x86_64
firefox-78.3.0-1.el8_2.x86_64.rpm	SHA-256: af3c5819462d1aa5e0ba24e227400c87a7f2c100749c7ee4eb74ac303231d83d
firefox-debuginfo-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 5a3e99d136656318984e9c3ccc2151a7af9575498bc0cf0ed2c8573ee1e5e14c
firefox-debugsource-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 49bc106273888c3dc046861766c1a9cba9bd6a52ef89b93a33c6d5c1063892c9

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
x86_64
firefox-78.3.0-1.el8_2.x86_64.rpm	SHA-256: af3c5819462d1aa5e0ba24e227400c87a7f2c100749c7ee4eb74ac303231d83d
firefox-debuginfo-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 5a3e99d136656318984e9c3ccc2151a7af9575498bc0cf0ed2c8573ee1e5e14c
firefox-debugsource-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 49bc106273888c3dc046861766c1a9cba9bd6a52ef89b93a33c6d5c1063892c9

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
x86_64
firefox-78.3.0-1.el8_2.x86_64.rpm	SHA-256: af3c5819462d1aa5e0ba24e227400c87a7f2c100749c7ee4eb74ac303231d83d
firefox-debuginfo-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 5a3e99d136656318984e9c3ccc2151a7af9575498bc0cf0ed2c8573ee1e5e14c
firefox-debugsource-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 49bc106273888c3dc046861766c1a9cba9bd6a52ef89b93a33c6d5c1063892c9

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
s390x
firefox-78.3.0-1.el8_2.s390x.rpm	SHA-256: 94732864be27a48fe8af5c9a4f191b31eb6ab76f863a1f628b32be1e58de0c76
firefox-debuginfo-78.3.0-1.el8_2.s390x.rpm	SHA-256: 4c77a43d6f3b28a28ab162aae034fe1ec59f0c823e8109ba9054132ea4719a2d
firefox-debugsource-78.3.0-1.el8_2.s390x.rpm	SHA-256: 6ccd6261c56d08cde18f00d718fc16e1b263bc746a3f08b5be00928fb4fa84ae

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
s390x
firefox-78.3.0-1.el8_2.s390x.rpm	SHA-256: 94732864be27a48fe8af5c9a4f191b31eb6ab76f863a1f628b32be1e58de0c76
firefox-debuginfo-78.3.0-1.el8_2.s390x.rpm	SHA-256: 4c77a43d6f3b28a28ab162aae034fe1ec59f0c823e8109ba9054132ea4719a2d
firefox-debugsource-78.3.0-1.el8_2.s390x.rpm	SHA-256: 6ccd6261c56d08cde18f00d718fc16e1b263bc746a3f08b5be00928fb4fa84ae

Red Hat Enterprise Linux for Power, little endian 8

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
ppc64le
firefox-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: f632a88b53e58b724e3347a06a90bfc30d0d7fb9f610e7e1834f5004246a70c7
firefox-debuginfo-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: e4d6557dd1dabcee0590fdcbe73d0c8a36be15b479e24cf408d634706bcf2dc8
firefox-debugsource-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: 35a492041d3f8033cc11df402d192b0b48d8bb80a42d6e77be9d736c5bd963b8

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
ppc64le
firefox-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: f632a88b53e58b724e3347a06a90bfc30d0d7fb9f610e7e1834f5004246a70c7
firefox-debuginfo-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: e4d6557dd1dabcee0590fdcbe73d0c8a36be15b479e24cf408d634706bcf2dc8
firefox-debugsource-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: 35a492041d3f8033cc11df402d192b0b48d8bb80a42d6e77be9d736c5bd963b8

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
x86_64
firefox-78.3.0-1.el8_2.x86_64.rpm	SHA-256: af3c5819462d1aa5e0ba24e227400c87a7f2c100749c7ee4eb74ac303231d83d
firefox-debuginfo-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 5a3e99d136656318984e9c3ccc2151a7af9575498bc0cf0ed2c8573ee1e5e14c
firefox-debugsource-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 49bc106273888c3dc046861766c1a9cba9bd6a52ef89b93a33c6d5c1063892c9

Red Hat Enterprise Linux for ARM 64 8

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
aarch64
firefox-78.3.0-1.el8_2.aarch64.rpm	SHA-256: 1230e039d1638c5b2d4addfa0b11bd8cbf8f3ffd7dc1e0d1d6a22fbc59b1afe0
firefox-debuginfo-78.3.0-1.el8_2.aarch64.rpm	SHA-256: a5f211ec27b1e9a5ec835628b5d72f41848a7c1a8b225aae172ced0fe4ef6e50
firefox-debugsource-78.3.0-1.el8_2.aarch64.rpm	SHA-256: 678a1f737ed133e35958096e5c4dde20d2e9d6b1e71589883c327935e2634db7

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
aarch64
firefox-78.3.0-1.el8_2.aarch64.rpm	SHA-256: 1230e039d1638c5b2d4addfa0b11bd8cbf8f3ffd7dc1e0d1d6a22fbc59b1afe0
firefox-debuginfo-78.3.0-1.el8_2.aarch64.rpm	SHA-256: a5f211ec27b1e9a5ec835628b5d72f41848a7c1a8b225aae172ced0fe4ef6e50
firefox-debugsource-78.3.0-1.el8_2.aarch64.rpm	SHA-256: 678a1f737ed133e35958096e5c4dde20d2e9d6b1e71589883c327935e2634db7

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
ppc64le
firefox-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: f632a88b53e58b724e3347a06a90bfc30d0d7fb9f610e7e1834f5004246a70c7
firefox-debuginfo-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: e4d6557dd1dabcee0590fdcbe73d0c8a36be15b479e24cf408d634706bcf2dc8
firefox-debugsource-78.3.0-1.el8_2.ppc64le.rpm	SHA-256: 35a492041d3f8033cc11df402d192b0b48d8bb80a42d6e77be9d736c5bd963b8

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2

SRPM
firefox-78.3.0-1.el8_2.src.rpm	SHA-256: 0b392cbad4547a30356d8c1c71d5e24b541b357b473004e7a573745355e71d8b
x86_64
firefox-78.3.0-1.el8_2.x86_64.rpm	SHA-256: af3c5819462d1aa5e0ba24e227400c87a7f2c100749c7ee4eb74ac303231d83d
firefox-debuginfo-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 5a3e99d136656318984e9c3ccc2151a7af9575498bc0cf0ed2c8573ee1e5e14c
firefox-debugsource-78.3.0-1.el8_2.x86_64.rpm	SHA-256: 49bc106273888c3dc046861766c1a9cba9bd6a52ef89b93a33c6d5c1063892c9