Red Hat Product Errata RHSA-2021:0991 - Security Advisory
Issued:
2021-03-25
Updated:
2021-03-25

RHSA-2021:0991 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

  • Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)
  • Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)
  • Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)
  • Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read
  • BZ - 1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed by a malicious webpage
  • BZ - 1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
  • BZ - 1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1

SRPM
firefox-78.9.0-1.el8_1.src.rpm SHA-256: 17c32e67098a1ca683d42f94f2fb4f46cc887ce2aecfcf2c3c75137c31e7f8a7
x86_64
firefox-78.9.0-1.el8_1.x86_64.rpm SHA-256: d1c9d6ee9f2f8cad70b8d3dab0a10d38753ab291a850b7a802a473903781d07f
firefox-debuginfo-78.9.0-1.el8_1.x86_64.rpm SHA-256: 341fedfc52d0d6889513553c75f7a6590082ff91a15c35ce051f68bd7770af88
firefox-debugsource-78.9.0-1.el8_1.x86_64.rpm SHA-256: 5b6a0edf784e2ae1bc8c3ccc3b5046ef7663e3d46908769968de33bc04c6a08e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1

SRPM
firefox-78.9.0-1.el8_1.src.rpm SHA-256: 17c32e67098a1ca683d42f94f2fb4f46cc887ce2aecfcf2c3c75137c31e7f8a7
s390x
firefox-78.9.0-1.el8_1.s390x.rpm SHA-256: 428862e8f3522f53386ae46e97ee783ee1127f6a314ca2df68cffced94bdbbf5
firefox-debuginfo-78.9.0-1.el8_1.s390x.rpm SHA-256: aa1eb430c31026d82589a16cdd1e2fc443e2c8e5ee6ae24bbd43f55f0bb2f6f9
firefox-debugsource-78.9.0-1.el8_1.s390x.rpm SHA-256: 8338ec3266c02a9d55fdbdd78b89fd2f1ab50d9ddd12a3f975088f3c14e2ed7f

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1

SRPM
firefox-78.9.0-1.el8_1.src.rpm SHA-256: 17c32e67098a1ca683d42f94f2fb4f46cc887ce2aecfcf2c3c75137c31e7f8a7
ppc64le
firefox-78.9.0-1.el8_1.ppc64le.rpm SHA-256: 019518e8227e854167ac2c68570f48fee2e191f1a94f4ded52f4d3d406af8ec9
firefox-debuginfo-78.9.0-1.el8_1.ppc64le.rpm SHA-256: 206f0fc4be6eebb9e5b27a2dc0a60f75445a42ea36fde9569d1167553efe1c83
firefox-debugsource-78.9.0-1.el8_1.ppc64le.rpm SHA-256: acadbf48e34709468a6c2f7a780d90910161928809966014a640ce8390744caf

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1

SRPM
firefox-78.9.0-1.el8_1.src.rpm SHA-256: 17c32e67098a1ca683d42f94f2fb4f46cc887ce2aecfcf2c3c75137c31e7f8a7
aarch64
firefox-78.9.0-1.el8_1.aarch64.rpm SHA-256: 2575ae7c33236a40997b38d040bf8ec3be89bf164f7a3a67bc2de135b3d604a9
firefox-debuginfo-78.9.0-1.el8_1.aarch64.rpm SHA-256: e478c3119bfaaeae57635e88c1063f41703d3bdae32dcce9e00b3c35e7c8647b
firefox-debugsource-78.9.0-1.el8_1.aarch64.rpm SHA-256: c6618a76f1ca4e86aef19b3a5a6191a1e1b744bece0dbe3e18859e23c3550650

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
firefox-78.9.0-1.el8_1.src.rpm SHA-256: 17c32e67098a1ca683d42f94f2fb4f46cc887ce2aecfcf2c3c75137c31e7f8a7
ppc64le
firefox-78.9.0-1.el8_1.ppc64le.rpm SHA-256: 019518e8227e854167ac2c68570f48fee2e191f1a94f4ded52f4d3d406af8ec9
firefox-debuginfo-78.9.0-1.el8_1.ppc64le.rpm SHA-256: 206f0fc4be6eebb9e5b27a2dc0a60f75445a42ea36fde9569d1167553efe1c83
firefox-debugsource-78.9.0-1.el8_1.ppc64le.rpm SHA-256: acadbf48e34709468a6c2f7a780d90910161928809966014a640ce8390744caf

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
firefox-78.9.0-1.el8_1.src.rpm SHA-256: 17c32e67098a1ca683d42f94f2fb4f46cc887ce2aecfcf2c3c75137c31e7f8a7
x86_64
firefox-78.9.0-1.el8_1.x86_64.rpm SHA-256: d1c9d6ee9f2f8cad70b8d3dab0a10d38753ab291a850b7a802a473903781d07f
firefox-debuginfo-78.9.0-1.el8_1.x86_64.rpm SHA-256: 341fedfc52d0d6889513553c75f7a6590082ff91a15c35ce051f68bd7770af88
firefox-debugsource-78.9.0-1.el8_1.x86_64.rpm SHA-256: 5b6a0edf784e2ae1bc8c3ccc3b5046ef7663e3d46908769968de33bc04c6a08e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.