Red Hat Product Errata RHSA-2023:4079 - Security Advisory
Issued:
2023-07-13
Updated:
2023-07-13

RHSA-2023:4079 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

  • Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)
  • Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)
  • Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)
  • Mozilla: Fullscreen notification obscured (CVE-2023-37207)
  • Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation
  • BZ - 2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
  • BZ - 2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured
  • BZ - 2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files
  • BZ - 2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

Red Hat Enterprise Linux Server 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
x86_64
firefox-102.13.0-2.el7_9.i686.rpm SHA-256: 7f7c891e23421b5a4566f5b9bd09a3eb93876ae6cd20d8d60884cc06587348f0
firefox-102.13.0-2.el7_9.x86_64.rpm SHA-256: 711fcd87e7ac13997b1feec9ca69960185eb994a3060ec639900270293ab0a3e
firefox-debuginfo-102.13.0-2.el7_9.i686.rpm SHA-256: f49818930a53b46b1180439219030247473964446d2dca6ea9f9b67a67ffe604
firefox-debuginfo-102.13.0-2.el7_9.x86_64.rpm SHA-256: aab9b4c94ac621a5483357d8d0e08a6b409b5dc9fca705c36941a9e96de79023

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
x86_64
firefox-102.13.0-2.el7_9.i686.rpm SHA-256: 7f7c891e23421b5a4566f5b9bd09a3eb93876ae6cd20d8d60884cc06587348f0
firefox-102.13.0-2.el7_9.x86_64.rpm SHA-256: 711fcd87e7ac13997b1feec9ca69960185eb994a3060ec639900270293ab0a3e
firefox-debuginfo-102.13.0-2.el7_9.i686.rpm SHA-256: f49818930a53b46b1180439219030247473964446d2dca6ea9f9b67a67ffe604
firefox-debuginfo-102.13.0-2.el7_9.x86_64.rpm SHA-256: aab9b4c94ac621a5483357d8d0e08a6b409b5dc9fca705c36941a9e96de79023

Red Hat Enterprise Linux Workstation 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
x86_64
firefox-102.13.0-2.el7_9.i686.rpm SHA-256: 7f7c891e23421b5a4566f5b9bd09a3eb93876ae6cd20d8d60884cc06587348f0
firefox-102.13.0-2.el7_9.x86_64.rpm SHA-256: 711fcd87e7ac13997b1feec9ca69960185eb994a3060ec639900270293ab0a3e
firefox-debuginfo-102.13.0-2.el7_9.i686.rpm SHA-256: f49818930a53b46b1180439219030247473964446d2dca6ea9f9b67a67ffe604
firefox-debuginfo-102.13.0-2.el7_9.x86_64.rpm SHA-256: aab9b4c94ac621a5483357d8d0e08a6b409b5dc9fca705c36941a9e96de79023

Red Hat Enterprise Linux Desktop 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
x86_64
firefox-102.13.0-2.el7_9.i686.rpm SHA-256: 7f7c891e23421b5a4566f5b9bd09a3eb93876ae6cd20d8d60884cc06587348f0
firefox-102.13.0-2.el7_9.x86_64.rpm SHA-256: 711fcd87e7ac13997b1feec9ca69960185eb994a3060ec639900270293ab0a3e
firefox-debuginfo-102.13.0-2.el7_9.i686.rpm SHA-256: f49818930a53b46b1180439219030247473964446d2dca6ea9f9b67a67ffe604
firefox-debuginfo-102.13.0-2.el7_9.x86_64.rpm SHA-256: aab9b4c94ac621a5483357d8d0e08a6b409b5dc9fca705c36941a9e96de79023

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
s390x
firefox-102.13.0-2.el7_9.s390x.rpm SHA-256: b43f28d6505ede04ab423d0aab4bf20cbf9836e221d15c1a7e27970683cfd85c
firefox-debuginfo-102.13.0-2.el7_9.s390x.rpm SHA-256: 0f885227885bd31201617fd6317eadcb98ac1fe9ebba39cb23386455a1e33746

Red Hat Enterprise Linux for Power, big endian 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
ppc64
firefox-102.13.0-2.el7_9.ppc64.rpm SHA-256: a34c020dab3f3e32d4cf09daf5d7bbaf286601f3f192d5a03053c84ea923cc0f
firefox-debuginfo-102.13.0-2.el7_9.ppc64.rpm SHA-256: 2702d1a87b809685e4ac0c54ee928da090cba4d7566692f4062b7bd8eaeceba1

Red Hat Enterprise Linux for Power, little endian 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
ppc64le
firefox-102.13.0-2.el7_9.ppc64le.rpm SHA-256: 82a6de2c19252f46ad2c91113b15ea0a8a878b18b81e9285d38d9a3966efbe3e
firefox-debuginfo-102.13.0-2.el7_9.ppc64le.rpm SHA-256: cdd3fb31e5406f7dc34fa580bc92134a82ba0b9de61dd00fc46c775dea50acf1

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
s390x
firefox-102.13.0-2.el7_9.s390x.rpm SHA-256: b43f28d6505ede04ab423d0aab4bf20cbf9836e221d15c1a7e27970683cfd85c
firefox-debuginfo-102.13.0-2.el7_9.s390x.rpm SHA-256: 0f885227885bd31201617fd6317eadcb98ac1fe9ebba39cb23386455a1e33746

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
ppc64
firefox-102.13.0-2.el7_9.ppc64.rpm SHA-256: a34c020dab3f3e32d4cf09daf5d7bbaf286601f3f192d5a03053c84ea923cc0f
firefox-debuginfo-102.13.0-2.el7_9.ppc64.rpm SHA-256: 2702d1a87b809685e4ac0c54ee928da090cba4d7566692f4062b7bd8eaeceba1

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
firefox-102.13.0-2.el7_9.src.rpm SHA-256: 4797d0c63aa7bca175a4003e5b042e86cae6cfefb132b0f17ade0added21b20d
ppc64le
firefox-102.13.0-2.el7_9.ppc64le.rpm SHA-256: 82a6de2c19252f46ad2c91113b15ea0a8a878b18b81e9285d38d9a3966efbe3e
firefox-debuginfo-102.13.0-2.el7_9.ppc64le.rpm SHA-256: cdd3fb31e5406f7dc34fa580bc92134a82ba0b9de61dd00fc46c775dea50acf1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.