Red Hat Product Errata RHSA-2020:5561 - Security Advisory
Issued:
2020-12-16
Updated:
2020-12-16

RHSA-2020:5561 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.6.0 ESR.

Security Fix(es):

  • chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)
  • Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)
  • Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)
  • Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)
  • Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)
  • Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)
  • Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1904515 - CVE-2020-16042 chromium-browser: Uninitialized Use in V8
  • BZ - 1908022 - CVE-2020-26971 Mozilla: Heap buffer overflow in WebGL
  • BZ - 1908023 - CVE-2020-26973 Mozilla: CSS Sanitizer performed incorrect sanitization
  • BZ - 1908024 - CVE-2020-26974 Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
  • BZ - 1908025 - CVE-2020-26978 Mozilla: Internal network hosts could have been probed by a malicious webpage
  • BZ - 1908027 - CVE-2020-35111 Mozilla: The proxy.onRequest API did not catch view-source URLs
  • BZ - 1908029 - CVE-2020-35113 Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

Red Hat Enterprise Linux Server 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
x86_64
firefox-78.6.0-1.el7_9.i686.rpm SHA-256: bf1d730bc442ee051fe0084b2e421676251f6750fa935043adda09511e3cfc2d
firefox-78.6.0-1.el7_9.x86_64.rpm SHA-256: 0c43f31e32701b476f61458bb23a420aa42918db39debdd3ca29b49d062f6014
firefox-debuginfo-78.6.0-1.el7_9.x86_64.rpm SHA-256: 937413146312ed04d2531eec191459e73a29dfb614a70f4a2d577cc9efc28a93

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
x86_64
firefox-78.6.0-1.el7_9.i686.rpm SHA-256: bf1d730bc442ee051fe0084b2e421676251f6750fa935043adda09511e3cfc2d
firefox-78.6.0-1.el7_9.x86_64.rpm SHA-256: 0c43f31e32701b476f61458bb23a420aa42918db39debdd3ca29b49d062f6014
firefox-debuginfo-78.6.0-1.el7_9.x86_64.rpm SHA-256: 937413146312ed04d2531eec191459e73a29dfb614a70f4a2d577cc9efc28a93

Red Hat Enterprise Linux Workstation 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
x86_64
firefox-78.6.0-1.el7_9.i686.rpm SHA-256: bf1d730bc442ee051fe0084b2e421676251f6750fa935043adda09511e3cfc2d
firefox-78.6.0-1.el7_9.x86_64.rpm SHA-256: 0c43f31e32701b476f61458bb23a420aa42918db39debdd3ca29b49d062f6014
firefox-debuginfo-78.6.0-1.el7_9.x86_64.rpm SHA-256: 937413146312ed04d2531eec191459e73a29dfb614a70f4a2d577cc9efc28a93

Red Hat Enterprise Linux Desktop 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
x86_64
firefox-78.6.0-1.el7_9.i686.rpm SHA-256: bf1d730bc442ee051fe0084b2e421676251f6750fa935043adda09511e3cfc2d
firefox-78.6.0-1.el7_9.x86_64.rpm SHA-256: 0c43f31e32701b476f61458bb23a420aa42918db39debdd3ca29b49d062f6014
firefox-debuginfo-78.6.0-1.el7_9.x86_64.rpm SHA-256: 937413146312ed04d2531eec191459e73a29dfb614a70f4a2d577cc9efc28a93

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
s390x
firefox-78.6.0-1.el7_9.s390x.rpm SHA-256: 66f46c1dbd8436d2e563afec6e6f7a7a35bf2fd08791443e884d46c724e88c52
firefox-debuginfo-78.6.0-1.el7_9.s390x.rpm SHA-256: 614eb54742d692d64461deffc6d42b4dce7d62443b7f9e05bfdbf08ea3457f74

Red Hat Enterprise Linux for Power, big endian 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
ppc64
firefox-78.6.0-1.el7_9.ppc64.rpm SHA-256: a416cc176f71528bbf9a55165c2bc37c97a8fd2449fd96bfa30df591e1a73d4c
firefox-debuginfo-78.6.0-1.el7_9.ppc64.rpm SHA-256: 7842809f81a79afbee57142b967925d78eb9c27f07011bd78ca43f8b34ab21be

Red Hat Enterprise Linux for Power, little endian 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
ppc64le
firefox-78.6.0-1.el7_9.ppc64le.rpm SHA-256: 0e416762ddbea424561153c0e361bee5cf4ce2a1864eee94431bf96c7a15dfb0
firefox-debuginfo-78.6.0-1.el7_9.ppc64le.rpm SHA-256: dc7241d2fd97aade0d8ddd2b87c7530bc9bbc84d564acac245707e5eff048dd0

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
s390x
firefox-78.6.0-1.el7_9.s390x.rpm SHA-256: 66f46c1dbd8436d2e563afec6e6f7a7a35bf2fd08791443e884d46c724e88c52
firefox-debuginfo-78.6.0-1.el7_9.s390x.rpm SHA-256: 614eb54742d692d64461deffc6d42b4dce7d62443b7f9e05bfdbf08ea3457f74

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
ppc64
firefox-78.6.0-1.el7_9.ppc64.rpm SHA-256: a416cc176f71528bbf9a55165c2bc37c97a8fd2449fd96bfa30df591e1a73d4c
firefox-debuginfo-78.6.0-1.el7_9.ppc64.rpm SHA-256: 7842809f81a79afbee57142b967925d78eb9c27f07011bd78ca43f8b34ab21be

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
firefox-78.6.0-1.el7_9.src.rpm SHA-256: 8018e0b47ed99aa186ba2b2bdf18e508d4941d6ecef2acb316a52f49314b7843
ppc64le
firefox-78.6.0-1.el7_9.ppc64le.rpm SHA-256: 0e416762ddbea424561153c0e361bee5cf4ce2a1864eee94431bf96c7a15dfb0
firefox-debuginfo-78.6.0-1.el7_9.ppc64le.rpm SHA-256: dc7241d2fd97aade0d8ddd2b87c7530bc9bbc84d564acac245707e5eff048dd0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.