Red Hat Product Errata RHSA-2023:4069 - Security Advisory
Issued:
2023-07-13
Updated:
2023-07-13

RHSA-2023:4069 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

  • Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)
  • Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)
  • Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)
  • Mozilla: Fullscreen notification obscured (CVE-2023-37207)
  • Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation
  • BZ - 2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
  • BZ - 2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured
  • BZ - 2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files
  • BZ - 2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
x86_64
firefox-102.13.0-2.el8_6.x86_64.rpm SHA-256: dbdbb57b76e229c6662eca465ae8e903724fce7ee2ed6c3ac60bc972a51e6116
firefox-debuginfo-102.13.0-2.el8_6.x86_64.rpm SHA-256: 911859f02e78954874149b8c5f9e638aca0eac857da3fd945e297e454dc00aeb
firefox-debugsource-102.13.0-2.el8_6.x86_64.rpm SHA-256: 63e96efc5c69d1aab2e36feb53d4eb519871b5f8b3ad913e1a14e3ad86ae6aa7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
x86_64
firefox-102.13.0-2.el8_6.x86_64.rpm SHA-256: dbdbb57b76e229c6662eca465ae8e903724fce7ee2ed6c3ac60bc972a51e6116
firefox-debuginfo-102.13.0-2.el8_6.x86_64.rpm SHA-256: 911859f02e78954874149b8c5f9e638aca0eac857da3fd945e297e454dc00aeb
firefox-debugsource-102.13.0-2.el8_6.x86_64.rpm SHA-256: 63e96efc5c69d1aab2e36feb53d4eb519871b5f8b3ad913e1a14e3ad86ae6aa7

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
x86_64
firefox-102.13.0-2.el8_6.x86_64.rpm SHA-256: dbdbb57b76e229c6662eca465ae8e903724fce7ee2ed6c3ac60bc972a51e6116
firefox-debuginfo-102.13.0-2.el8_6.x86_64.rpm SHA-256: 911859f02e78954874149b8c5f9e638aca0eac857da3fd945e297e454dc00aeb
firefox-debugsource-102.13.0-2.el8_6.x86_64.rpm SHA-256: 63e96efc5c69d1aab2e36feb53d4eb519871b5f8b3ad913e1a14e3ad86ae6aa7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
s390x
firefox-102.13.0-2.el8_6.s390x.rpm SHA-256: a87440a267e5921500c3f0ab9430965392ebc823781e4663584d3191c792219a
firefox-debuginfo-102.13.0-2.el8_6.s390x.rpm SHA-256: c2bdafecb845785fed573203d83c1e2a03d5edccf657924a57f398e534879b53
firefox-debugsource-102.13.0-2.el8_6.s390x.rpm SHA-256: ce04917c5746e87baa17e5bb86685704168edcd439732626b6dcaf046ef905ea

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
ppc64le
firefox-102.13.0-2.el8_6.ppc64le.rpm SHA-256: 91d10ef33eaa546fd6993ceb7c0bbf445e6fe248f3974132ba3a5759f112e069
firefox-debuginfo-102.13.0-2.el8_6.ppc64le.rpm SHA-256: a6d106ec842c04fe45936569b2014e1eb7a11e850815ce0bf1d78613dd94e8ef
firefox-debugsource-102.13.0-2.el8_6.ppc64le.rpm SHA-256: 6d48f6ccb341767ab16c8d317261e55196f80290b4b1ad14b51dd9b96dec5f02

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
x86_64
firefox-102.13.0-2.el8_6.x86_64.rpm SHA-256: dbdbb57b76e229c6662eca465ae8e903724fce7ee2ed6c3ac60bc972a51e6116
firefox-debuginfo-102.13.0-2.el8_6.x86_64.rpm SHA-256: 911859f02e78954874149b8c5f9e638aca0eac857da3fd945e297e454dc00aeb
firefox-debugsource-102.13.0-2.el8_6.x86_64.rpm SHA-256: 63e96efc5c69d1aab2e36feb53d4eb519871b5f8b3ad913e1a14e3ad86ae6aa7

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
aarch64
firefox-102.13.0-2.el8_6.aarch64.rpm SHA-256: 45197af44b131cd385ff824113e46e03f8abfc04e0f9b91880c73c3607a746a7
firefox-debuginfo-102.13.0-2.el8_6.aarch64.rpm SHA-256: 17dc96c3d7c46f9b0fab29f724706b8a5a47a81947d16c16e612059c6f8896c7
firefox-debugsource-102.13.0-2.el8_6.aarch64.rpm SHA-256: d824a69de3f7ae6fa3563a698ae065ed165052087e5374ba65a5e99168ece6f6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
ppc64le
firefox-102.13.0-2.el8_6.ppc64le.rpm SHA-256: 91d10ef33eaa546fd6993ceb7c0bbf445e6fe248f3974132ba3a5759f112e069
firefox-debuginfo-102.13.0-2.el8_6.ppc64le.rpm SHA-256: a6d106ec842c04fe45936569b2014e1eb7a11e850815ce0bf1d78613dd94e8ef
firefox-debugsource-102.13.0-2.el8_6.ppc64le.rpm SHA-256: 6d48f6ccb341767ab16c8d317261e55196f80290b4b1ad14b51dd9b96dec5f02

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
firefox-102.13.0-2.el8_6.src.rpm SHA-256: 3e32efa84c94238c17b945781cabf2c8009454e3937a89f1d75925c15532c42a
x86_64
firefox-102.13.0-2.el8_6.x86_64.rpm SHA-256: dbdbb57b76e229c6662eca465ae8e903724fce7ee2ed6c3ac60bc972a51e6116
firefox-debuginfo-102.13.0-2.el8_6.x86_64.rpm SHA-256: 911859f02e78954874149b8c5f9e638aca0eac857da3fd945e297e454dc00aeb
firefox-debugsource-102.13.0-2.el8_6.x86_64.rpm SHA-256: 63e96efc5c69d1aab2e36feb53d4eb519871b5f8b3ad913e1a14e3ad86ae6aa7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.