Red Hat Product Errata RHSA-2022:9068 - Security Advisory
Issued:
2022-12-15
Updated:
2022-12-15

RHSA-2022:9068 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

  • Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872)
  • Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878)
  • Mozilla: Use-after-free in WebGL (CVE-2022-46880)
  • Mozilla: Memory corruption in WebGL (CVE-2022-46881)
  • Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874)
  • Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process
  • BZ - 2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
  • BZ - 2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
  • BZ - 2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL
  • BZ - 2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL
  • BZ - 2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
x86_64
firefox-102.6.0-1.el8_6.x86_64.rpm SHA-256: 4dda9028733d41b0e7170f60554ca1c754c73a184e6ee1b98a7fcf28056316ec
firefox-debuginfo-102.6.0-1.el8_6.x86_64.rpm SHA-256: 25c1869bfee5f666b7ffb6d61be8f70900e511093691bae8d3cf65084d4a3c0a
firefox-debugsource-102.6.0-1.el8_6.x86_64.rpm SHA-256: ff599bfe46d7869751131c5ca6fbca8f9e5124946d6d8e61cd96788c64c2ff2d

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
x86_64
firefox-102.6.0-1.el8_6.x86_64.rpm SHA-256: 4dda9028733d41b0e7170f60554ca1c754c73a184e6ee1b98a7fcf28056316ec
firefox-debuginfo-102.6.0-1.el8_6.x86_64.rpm SHA-256: 25c1869bfee5f666b7ffb6d61be8f70900e511093691bae8d3cf65084d4a3c0a
firefox-debugsource-102.6.0-1.el8_6.x86_64.rpm SHA-256: ff599bfe46d7869751131c5ca6fbca8f9e5124946d6d8e61cd96788c64c2ff2d

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
x86_64
firefox-102.6.0-1.el8_6.x86_64.rpm SHA-256: 4dda9028733d41b0e7170f60554ca1c754c73a184e6ee1b98a7fcf28056316ec
firefox-debuginfo-102.6.0-1.el8_6.x86_64.rpm SHA-256: 25c1869bfee5f666b7ffb6d61be8f70900e511093691bae8d3cf65084d4a3c0a
firefox-debugsource-102.6.0-1.el8_6.x86_64.rpm SHA-256: ff599bfe46d7869751131c5ca6fbca8f9e5124946d6d8e61cd96788c64c2ff2d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
s390x
firefox-102.6.0-1.el8_6.s390x.rpm SHA-256: 286043f490423e675c2604ec8556ee8f77d8f1a9d5bbf87e9e556505aa1ec1a0
firefox-debuginfo-102.6.0-1.el8_6.s390x.rpm SHA-256: 0d2e0bdf4cc183d6b51fdab35dfbc98db3ca2a6230328219715b3796d834f050
firefox-debugsource-102.6.0-1.el8_6.s390x.rpm SHA-256: 01ca92e03826535121d8e20eada53f157c3f0475209c89b6e628bccbf3908ffc

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
ppc64le
firefox-102.6.0-1.el8_6.ppc64le.rpm SHA-256: ef542526b244916415f49995189ffb9fa1a9bebcdab6a42ae482c92aa2583b84
firefox-debuginfo-102.6.0-1.el8_6.ppc64le.rpm SHA-256: 112f823d2bd31c2e083439f61f5aaf6e42628cfe4b8bc9558a581957b41293dc
firefox-debugsource-102.6.0-1.el8_6.ppc64le.rpm SHA-256: b777070f1ab017110691a7e4a6178006201b8473d12cf042584e1a3fd05747d4

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
x86_64
firefox-102.6.0-1.el8_6.x86_64.rpm SHA-256: 4dda9028733d41b0e7170f60554ca1c754c73a184e6ee1b98a7fcf28056316ec
firefox-debuginfo-102.6.0-1.el8_6.x86_64.rpm SHA-256: 25c1869bfee5f666b7ffb6d61be8f70900e511093691bae8d3cf65084d4a3c0a
firefox-debugsource-102.6.0-1.el8_6.x86_64.rpm SHA-256: ff599bfe46d7869751131c5ca6fbca8f9e5124946d6d8e61cd96788c64c2ff2d

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
aarch64
firefox-102.6.0-1.el8_6.aarch64.rpm SHA-256: 6aea3e3a91ae25e3660c222342fb61a112898a538930006ca212060da1e11b1a
firefox-debuginfo-102.6.0-1.el8_6.aarch64.rpm SHA-256: ac562963fd423c6749a8abd3bdeb7f70ddebc484ef4eb6ac17d1c4555e51ad52
firefox-debugsource-102.6.0-1.el8_6.aarch64.rpm SHA-256: edacb734e0e39accca1de3d4bb7a0085b5d30c44e3f7a310f2b09c026b171a3c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
ppc64le
firefox-102.6.0-1.el8_6.ppc64le.rpm SHA-256: ef542526b244916415f49995189ffb9fa1a9bebcdab6a42ae482c92aa2583b84
firefox-debuginfo-102.6.0-1.el8_6.ppc64le.rpm SHA-256: 112f823d2bd31c2e083439f61f5aaf6e42628cfe4b8bc9558a581957b41293dc
firefox-debugsource-102.6.0-1.el8_6.ppc64le.rpm SHA-256: b777070f1ab017110691a7e4a6178006201b8473d12cf042584e1a3fd05747d4

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
firefox-102.6.0-1.el8_6.src.rpm SHA-256: 746ec22c0c5a6b9b8e64f20b27ee3219b12e5e1abad34e7afca4711ce778cfaa
x86_64
firefox-102.6.0-1.el8_6.x86_64.rpm SHA-256: 4dda9028733d41b0e7170f60554ca1c754c73a184e6ee1b98a7fcf28056316ec
firefox-debuginfo-102.6.0-1.el8_6.x86_64.rpm SHA-256: 25c1869bfee5f666b7ffb6d61be8f70900e511093691bae8d3cf65084d4a3c0a
firefox-debugsource-102.6.0-1.el8_6.x86_64.rpm SHA-256: ff599bfe46d7869751131c5ca6fbca8f9e5124946d6d8e61cd96788c64c2ff2d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.