Issued:
2021-04-26
Updated:
2021-04-26

RHSA-2021:1360 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

  • Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)
  • Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)
  • Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961)
  • Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)
  • Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999)
  • Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002)
  • Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945)
  • Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 1951364 - CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
  • BZ - 1951365 - CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
  • BZ - 1951366 - CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
  • BZ - 1951367 - CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
  • BZ - 1951368 - CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
  • BZ - 1951369 - CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
  • BZ - 1951370 - CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
  • BZ - 1951371 - CVE-2021-29946 Mozilla: Port blocking could be bypassed

Red Hat Enterprise Linux for x86_64 8

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
s390x
firefox-78.10.0-1.el8_3.s390x.rpm SHA-256: 496429d2d40482cf6535b19a48b2be16095e8b1a6874b5649742f6507bf19813
firefox-debuginfo-78.10.0-1.el8_3.s390x.rpm SHA-256: ac0681b713fa715b0a47e6cd322c7bd37ddfeda32fd9b9c417ebb1f18899b7c4
firefox-debugsource-78.10.0-1.el8_3.s390x.rpm SHA-256: cd507d7d9430f847bb21551e204951c480a6eda60409105c5df9d10b0acbb3bf

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
s390x
firefox-78.10.0-1.el8_3.s390x.rpm SHA-256: 496429d2d40482cf6535b19a48b2be16095e8b1a6874b5649742f6507bf19813
firefox-debuginfo-78.10.0-1.el8_3.s390x.rpm SHA-256: ac0681b713fa715b0a47e6cd322c7bd37ddfeda32fd9b9c417ebb1f18899b7c4
firefox-debugsource-78.10.0-1.el8_3.s390x.rpm SHA-256: cd507d7d9430f847bb21551e204951c480a6eda60409105c5df9d10b0acbb3bf

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
s390x
firefox-78.10.0-1.el8_3.s390x.rpm SHA-256: 496429d2d40482cf6535b19a48b2be16095e8b1a6874b5649742f6507bf19813
firefox-debuginfo-78.10.0-1.el8_3.s390x.rpm SHA-256: ac0681b713fa715b0a47e6cd322c7bd37ddfeda32fd9b9c417ebb1f18899b7c4
firefox-debugsource-78.10.0-1.el8_3.s390x.rpm SHA-256: cd507d7d9430f847bb21551e204951c480a6eda60409105c5df9d10b0acbb3bf

Red Hat Enterprise Linux for Power, little endian 8

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
ppc64le
firefox-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 0e79da31b0b189bfbb96a8fa7b46c99a8ce9c4bec86a4bf9977111102622c1ca
firefox-debuginfo-78.10.0-1.el8_3.ppc64le.rpm SHA-256: ebdd4c863df7d42dfd221fa242a82307a4c7e0149db3c7a479105dfc3a02dc38
firefox-debugsource-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 7b0ff67f3b9920e2c58b2d28a38bf5a70a67f2d755639b63e7916b92ed358551

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
ppc64le
firefox-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 0e79da31b0b189bfbb96a8fa7b46c99a8ce9c4bec86a4bf9977111102622c1ca
firefox-debuginfo-78.10.0-1.el8_3.ppc64le.rpm SHA-256: ebdd4c863df7d42dfd221fa242a82307a4c7e0149db3c7a479105dfc3a02dc38
firefox-debugsource-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 7b0ff67f3b9920e2c58b2d28a38bf5a70a67f2d755639b63e7916b92ed358551

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
ppc64le
firefox-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 0e79da31b0b189bfbb96a8fa7b46c99a8ce9c4bec86a4bf9977111102622c1ca
firefox-debuginfo-78.10.0-1.el8_3.ppc64le.rpm SHA-256: ebdd4c863df7d42dfd221fa242a82307a4c7e0149db3c7a479105dfc3a02dc38
firefox-debugsource-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 7b0ff67f3b9920e2c58b2d28a38bf5a70a67f2d755639b63e7916b92ed358551

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux for ARM 64 8

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
aarch64
firefox-78.10.0-1.el8_3.aarch64.rpm SHA-256: c7a87d25682e03a7e74ef7842a5f9639e23b6eae87521c6738f762a90b41253b
firefox-debuginfo-78.10.0-1.el8_3.aarch64.rpm SHA-256: 0861720aaa71520445ecfecd930555922f732003130894424b9a47b8dadbba5a
firefox-debugsource-78.10.0-1.el8_3.aarch64.rpm SHA-256: 756ca9df91ecf10a090507b36a2c9e2fc895172c10c1169660f01db3c15210b6

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
aarch64
firefox-78.10.0-1.el8_3.aarch64.rpm SHA-256: c7a87d25682e03a7e74ef7842a5f9639e23b6eae87521c6738f762a90b41253b
firefox-debuginfo-78.10.0-1.el8_3.aarch64.rpm SHA-256: 0861720aaa71520445ecfecd930555922f732003130894424b9a47b8dadbba5a
firefox-debugsource-78.10.0-1.el8_3.aarch64.rpm SHA-256: 756ca9df91ecf10a090507b36a2c9e2fc895172c10c1169660f01db3c15210b6

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
aarch64
firefox-78.10.0-1.el8_3.aarch64.rpm SHA-256: c7a87d25682e03a7e74ef7842a5f9639e23b6eae87521c6738f762a90b41253b
firefox-debuginfo-78.10.0-1.el8_3.aarch64.rpm SHA-256: 0861720aaa71520445ecfecd930555922f732003130894424b9a47b8dadbba5a
firefox-debugsource-78.10.0-1.el8_3.aarch64.rpm SHA-256: 756ca9df91ecf10a090507b36a2c9e2fc895172c10c1169660f01db3c15210b6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
ppc64le
firefox-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 0e79da31b0b189bfbb96a8fa7b46c99a8ce9c4bec86a4bf9977111102622c1ca
firefox-debuginfo-78.10.0-1.el8_3.ppc64le.rpm SHA-256: ebdd4c863df7d42dfd221fa242a82307a4c7e0149db3c7a479105dfc3a02dc38
firefox-debugsource-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 7b0ff67f3b9920e2c58b2d28a38bf5a70a67f2d755639b63e7916b92ed358551

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
ppc64le
firefox-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 0e79da31b0b189bfbb96a8fa7b46c99a8ce9c4bec86a4bf9977111102622c1ca
firefox-debuginfo-78.10.0-1.el8_3.ppc64le.rpm SHA-256: ebdd4c863df7d42dfd221fa242a82307a4c7e0149db3c7a479105dfc3a02dc38
firefox-debugsource-78.10.0-1.el8_3.ppc64le.rpm SHA-256: 7b0ff67f3b9920e2c58b2d28a38bf5a70a67f2d755639b63e7916b92ed358551

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
firefox-78.10.0-1.el8_3.src.rpm SHA-256: 8912ccaadfaea95295b22af291e1e85f8f628c430822f52ece82c0da1dbe9ae9
x86_64
firefox-78.10.0-1.el8_3.x86_64.rpm SHA-256: 534acd807f85b9468c86b527b6438023ee5a147052f36a6b36c64a225280fbfb
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm SHA-256: 2657839ecee3ca0a1bc140adee7eda8801b7191d8ff492466d2fc670093b9399
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm SHA-256: d05e4da472e947928e34763b4e348096da1a67d323faa7d2543a35c002fbc62b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.