Red Hat Product Errata RHSA-2023:1785 - Security Advisory
Issued:
2023-04-14
Updated:
2023-04-14

RHSA-2023:1785 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.10.0 ESR.

Security Fix(es):

  • MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)
  • Mozilla: Fullscreen notification obscured (CVE-2023-29533)
  • Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
  • Mozilla: Invalid free from JavaScript code (CVE-2023-29536)
  • Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
  • Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)
  • Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
  • Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
  • Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured
  • BZ - 2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp
  • BZ - 2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction
  • BZ - 2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code
  • BZ - 2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download
  • BZ - 2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
  • BZ - 2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code
  • BZ - 2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64
  • BZ - 2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
x86_64
firefox-102.10.0-1.el9_0.x86_64.rpm SHA-256: b04d9b454429c5e3a5d398cd5a8d312bff34a9396c9a64e3454a24229909c35e
firefox-debuginfo-102.10.0-1.el9_0.x86_64.rpm SHA-256: 6b54d307f51398190aec5b5c4628d513779f8d3aeb0dee27e4e9776048a66b7e
firefox-debugsource-102.10.0-1.el9_0.x86_64.rpm SHA-256: 828d6b63d4351a919fd9770c737a6aba61a2ee186346dbbeb9b5fc7a5bb6fd1b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
s390x
firefox-102.10.0-1.el9_0.s390x.rpm SHA-256: 78fd1aefafad30d851d32b519d3e8bbb322a2ad3cbc9e464aa4386798719d9ab
firefox-debuginfo-102.10.0-1.el9_0.s390x.rpm SHA-256: 148362ba81f1185843c579afbba843db89bce01a0eb86d00d66e3d6149f5de12
firefox-debugsource-102.10.0-1.el9_0.s390x.rpm SHA-256: 18d2669a0213f07e2ef826e407258457985f90e6fef95e86a6d7d5f588d7af21

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
ppc64le
firefox-102.10.0-1.el9_0.ppc64le.rpm SHA-256: c76ca559213aa14ff1154e7bb28152731e9de0d47e117ef21718878beb7cedc8
firefox-debuginfo-102.10.0-1.el9_0.ppc64le.rpm SHA-256: d6d9e43d5762df72c42d82e559b68f5d5d79f418e27f2f519694a5163fd202af
firefox-debugsource-102.10.0-1.el9_0.ppc64le.rpm SHA-256: d99f32d07329e27c2ab47365abc5dec1fc1639d9fda620b1d72efeddff413aa0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
aarch64
firefox-102.10.0-1.el9_0.aarch64.rpm SHA-256: d644a3222f66b3a00173f0b7e161bdf7ee5a8d643bcf11d907ab4f96bfc48896
firefox-debuginfo-102.10.0-1.el9_0.aarch64.rpm SHA-256: f13abbc5e9261e4ed877d0d2615844b4f94fba2b047aab841c90ef7af4074cb0
firefox-debugsource-102.10.0-1.el9_0.aarch64.rpm SHA-256: 515aeed8d72d4f1e7de38a5397b12a0798ff2d6866df0617536797d5706bca90

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
ppc64le
firefox-102.10.0-1.el9_0.ppc64le.rpm SHA-256: c76ca559213aa14ff1154e7bb28152731e9de0d47e117ef21718878beb7cedc8
firefox-debuginfo-102.10.0-1.el9_0.ppc64le.rpm SHA-256: d6d9e43d5762df72c42d82e559b68f5d5d79f418e27f2f519694a5163fd202af
firefox-debugsource-102.10.0-1.el9_0.ppc64le.rpm SHA-256: d99f32d07329e27c2ab47365abc5dec1fc1639d9fda620b1d72efeddff413aa0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
x86_64
firefox-102.10.0-1.el9_0.x86_64.rpm SHA-256: b04d9b454429c5e3a5d398cd5a8d312bff34a9396c9a64e3454a24229909c35e
firefox-debuginfo-102.10.0-1.el9_0.x86_64.rpm SHA-256: 6b54d307f51398190aec5b5c4628d513779f8d3aeb0dee27e4e9776048a66b7e
firefox-debugsource-102.10.0-1.el9_0.x86_64.rpm SHA-256: 828d6b63d4351a919fd9770c737a6aba61a2ee186346dbbeb9b5fc7a5bb6fd1b

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
aarch64
firefox-102.10.0-1.el9_0.aarch64.rpm SHA-256: d644a3222f66b3a00173f0b7e161bdf7ee5a8d643bcf11d907ab4f96bfc48896
firefox-debuginfo-102.10.0-1.el9_0.aarch64.rpm SHA-256: f13abbc5e9261e4ed877d0d2615844b4f94fba2b047aab841c90ef7af4074cb0
firefox-debugsource-102.10.0-1.el9_0.aarch64.rpm SHA-256: 515aeed8d72d4f1e7de38a5397b12a0798ff2d6866df0617536797d5706bca90

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
firefox-102.10.0-1.el9_0.src.rpm SHA-256: 6dd413d3faa66e4a3102eece58275a64f3150f6191773dd93e3655aa40f073d1
s390x
firefox-102.10.0-1.el9_0.s390x.rpm SHA-256: 78fd1aefafad30d851d32b519d3e8bbb322a2ad3cbc9e464aa4386798719d9ab
firefox-debuginfo-102.10.0-1.el9_0.s390x.rpm SHA-256: 148362ba81f1185843c579afbba843db89bce01a0eb86d00d66e3d6149f5de12
firefox-debugsource-102.10.0-1.el9_0.s390x.rpm SHA-256: 18d2669a0213f07e2ef826e407258457985f90e6fef95e86a6d7d5f588d7af21

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.