Red Hat Product Errata RHSA-2023:6187 - Security Advisory
Issued:
2023-10-30
Updated:
2023-10-30

RHSA-2023:6187 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.4.0 ESR.

Security Fix(es):

  • Mozilla: Queued up rendering could have allowed websites to clickjack (CVE-2023-5721)
  • Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 (CVE-2023-5730)
  • libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)
  • Mozilla: Large WebGL draw could have led to a crash (CVE-2023-5724)
  • Mozilla: WebExtensions could open arbitrary URLs (CVE-2023-5725)
  • Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728)
  • Mozilla: Address bar spoofing via bidirectional characters (CVE-2023-5732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx
  • BZ - 2245896 - CVE-2023-5721 Mozilla: Queued up rendering could have allowed websites to clickjack
  • BZ - 2245898 - CVE-2023-5732 Mozilla: Address bar spoofing via bidirectional characters
  • BZ - 2245899 - CVE-2023-5724 Mozilla: Large WebGL draw could have led to a crash
  • BZ - 2245900 - CVE-2023-5725 Mozilla: WebExtensions could open arbitrary URLs
  • BZ - 2245903 - CVE-2023-5728 Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.
  • BZ - 2245906 - CVE-2023-5730 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4

Red Hat Enterprise Linux for x86_64 8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
x86_64
firefox-115.4.0-1.el8_8.x86_64.rpm SHA-256: 633fea0a5673a5b85c5b52df5aec563f76c2597d502acac9736fcb0782e995f8
firefox-debuginfo-115.4.0-1.el8_8.x86_64.rpm SHA-256: 779058a6dfa966d531edc9fd91a70e278ab49ac69c2a6d14bf0878936b3acddc
firefox-debugsource-115.4.0-1.el8_8.x86_64.rpm SHA-256: b735cd662998be6c058fb29e41f7c613058a95f5f33d59b5a8e2984f18f45c65

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
x86_64
firefox-115.4.0-1.el8_8.x86_64.rpm SHA-256: 633fea0a5673a5b85c5b52df5aec563f76c2597d502acac9736fcb0782e995f8
firefox-debuginfo-115.4.0-1.el8_8.x86_64.rpm SHA-256: 779058a6dfa966d531edc9fd91a70e278ab49ac69c2a6d14bf0878936b3acddc
firefox-debugsource-115.4.0-1.el8_8.x86_64.rpm SHA-256: b735cd662998be6c058fb29e41f7c613058a95f5f33d59b5a8e2984f18f45c65

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
x86_64
firefox-115.4.0-1.el8_8.x86_64.rpm SHA-256: 633fea0a5673a5b85c5b52df5aec563f76c2597d502acac9736fcb0782e995f8
firefox-debuginfo-115.4.0-1.el8_8.x86_64.rpm SHA-256: 779058a6dfa966d531edc9fd91a70e278ab49ac69c2a6d14bf0878936b3acddc
firefox-debugsource-115.4.0-1.el8_8.x86_64.rpm SHA-256: b735cd662998be6c058fb29e41f7c613058a95f5f33d59b5a8e2984f18f45c65

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
s390x
firefox-115.4.0-1.el8_8.s390x.rpm SHA-256: bb5140e93d59a321840adb2d489e3bf22db7aef4457ff8c5eafab6f6391df41a
firefox-debuginfo-115.4.0-1.el8_8.s390x.rpm SHA-256: 42318b2bcb0c9243cf59216daf6c91febc47c6abb39bae22e84bae4a0a5f9240
firefox-debugsource-115.4.0-1.el8_8.s390x.rpm SHA-256: 397091f1abdb726d28b549808dec6ee4cf568d9de396547df71d49400eee2c23

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
s390x
firefox-115.4.0-1.el8_8.s390x.rpm SHA-256: bb5140e93d59a321840adb2d489e3bf22db7aef4457ff8c5eafab6f6391df41a
firefox-debuginfo-115.4.0-1.el8_8.s390x.rpm SHA-256: 42318b2bcb0c9243cf59216daf6c91febc47c6abb39bae22e84bae4a0a5f9240
firefox-debugsource-115.4.0-1.el8_8.s390x.rpm SHA-256: 397091f1abdb726d28b549808dec6ee4cf568d9de396547df71d49400eee2c23

Red Hat Enterprise Linux for Power, little endian 8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
ppc64le
firefox-115.4.0-1.el8_8.ppc64le.rpm SHA-256: 37c761d06d5515a1ef027fb4d4ea418d1b7b47b711e96ef3c85032023c8c46e0
firefox-debuginfo-115.4.0-1.el8_8.ppc64le.rpm SHA-256: b93df973212c021127a2266dd659e32310a15c3898f7649cc6b9f19d2bb76ac9
firefox-debugsource-115.4.0-1.el8_8.ppc64le.rpm SHA-256: b4cd1f3b57f7bd4fba6ef7f06a208f8ed76d4c56c73186b9f814559851684b4a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
ppc64le
firefox-115.4.0-1.el8_8.ppc64le.rpm SHA-256: 37c761d06d5515a1ef027fb4d4ea418d1b7b47b711e96ef3c85032023c8c46e0
firefox-debuginfo-115.4.0-1.el8_8.ppc64le.rpm SHA-256: b93df973212c021127a2266dd659e32310a15c3898f7649cc6b9f19d2bb76ac9
firefox-debugsource-115.4.0-1.el8_8.ppc64le.rpm SHA-256: b4cd1f3b57f7bd4fba6ef7f06a208f8ed76d4c56c73186b9f814559851684b4a

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
x86_64
firefox-115.4.0-1.el8_8.x86_64.rpm SHA-256: 633fea0a5673a5b85c5b52df5aec563f76c2597d502acac9736fcb0782e995f8
firefox-debuginfo-115.4.0-1.el8_8.x86_64.rpm SHA-256: 779058a6dfa966d531edc9fd91a70e278ab49ac69c2a6d14bf0878936b3acddc
firefox-debugsource-115.4.0-1.el8_8.x86_64.rpm SHA-256: b735cd662998be6c058fb29e41f7c613058a95f5f33d59b5a8e2984f18f45c65

Red Hat Enterprise Linux for ARM 64 8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
aarch64
firefox-115.4.0-1.el8_8.aarch64.rpm SHA-256: 48183a71135fd9a33d474e3f68ec67e8ad86ca69e1441b9281b3a103242b7f1e
firefox-debuginfo-115.4.0-1.el8_8.aarch64.rpm SHA-256: 0843e00911b453b226f1639e47d3a62f1195d672bc11caed17bdcab3f00ffcc0
firefox-debugsource-115.4.0-1.el8_8.aarch64.rpm SHA-256: 1886a9ea4bd4ee18a188f515c0cf1b2173b103957c73cb2babc97ac3cbfc77bf

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
aarch64
firefox-115.4.0-1.el8_8.aarch64.rpm SHA-256: 48183a71135fd9a33d474e3f68ec67e8ad86ca69e1441b9281b3a103242b7f1e
firefox-debuginfo-115.4.0-1.el8_8.aarch64.rpm SHA-256: 0843e00911b453b226f1639e47d3a62f1195d672bc11caed17bdcab3f00ffcc0
firefox-debugsource-115.4.0-1.el8_8.aarch64.rpm SHA-256: 1886a9ea4bd4ee18a188f515c0cf1b2173b103957c73cb2babc97ac3cbfc77bf

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
ppc64le
firefox-115.4.0-1.el8_8.ppc64le.rpm SHA-256: 37c761d06d5515a1ef027fb4d4ea418d1b7b47b711e96ef3c85032023c8c46e0
firefox-debuginfo-115.4.0-1.el8_8.ppc64le.rpm SHA-256: b93df973212c021127a2266dd659e32310a15c3898f7649cc6b9f19d2bb76ac9
firefox-debugsource-115.4.0-1.el8_8.ppc64le.rpm SHA-256: b4cd1f3b57f7bd4fba6ef7f06a208f8ed76d4c56c73186b9f814559851684b4a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
firefox-115.4.0-1.el8_8.src.rpm SHA-256: aae9ad0b061829e5465f5a1232285e5f4f669679a1a43f8549ad3ba38a66ac5f
x86_64
firefox-115.4.0-1.el8_8.x86_64.rpm SHA-256: 633fea0a5673a5b85c5b52df5aec563f76c2597d502acac9736fcb0782e995f8
firefox-debuginfo-115.4.0-1.el8_8.x86_64.rpm SHA-256: 779058a6dfa966d531edc9fd91a70e278ab49ac69c2a6d14bf0878936b3acddc
firefox-debugsource-115.4.0-1.el8_8.x86_64.rpm SHA-256: b735cd662998be6c058fb29e41f7c613058a95f5f33d59b5a8e2984f18f45c65

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.