Red Hat Product Errata RHSA-2024:0615 - Security Advisory
Issued:
2024-01-30
Updated:
2024-01-30

RHSA-2024:0615 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.7.0 ESR.

Security Fix(es):

  • Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
  • Mozilla: Failure to update user input timestamp (CVE-2024-0742)
  • Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
  • Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
  • Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
  • Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
  • Mozilla: Privilege escalation through devtools (CVE-2024-0751)
  • Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
  • Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2259926 - CVE-2024-0741 Mozilla: Out of bounds write in ANGLE
  • BZ - 2259927 - CVE-2024-0742 Mozilla: Failure to update user input timestamp
  • BZ - 2259928 - CVE-2024-0746 Mozilla: Crash when listing printers on Linux
  • BZ - 2259929 - CVE-2024-0747 Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
  • BZ - 2259930 - CVE-2024-0749 Mozilla: Phishing site popup could show local origin in address bar
  • BZ - 2259931 - CVE-2024-0750 Mozilla: Potential permissions request bypass via clickjacking
  • BZ - 2259932 - CVE-2024-0751 Mozilla: Privilege escalation through devtools
  • BZ - 2259933 - CVE-2024-0753 Mozilla: HSTS policy on subdomain could bypass policy of upper domain
  • BZ - 2259934 - CVE-2024-0755 Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
x86_64
firefox-115.7.0-1.el9_0.x86_64.rpm SHA-256: d1529429b24df70286114061d0d4442e05bf492024efeffff9f5b2b899dfec94
firefox-debuginfo-115.7.0-1.el9_0.x86_64.rpm SHA-256: dd95dfd1b7ecd9f6bfe74f1aa0203fbedeff19adf605a7053f38e42e290d3f53
firefox-debugsource-115.7.0-1.el9_0.x86_64.rpm SHA-256: 9d66c96e768fcda4f9e76c91e63ee52d0ebc6b0f2419f37a285475ae3ab048ce

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
s390x
firefox-115.7.0-1.el9_0.s390x.rpm SHA-256: b4fdf2d77a7a915dc11afa50f9040e3d2151cc5c133b4da0c3ea1b859d71da41
firefox-debuginfo-115.7.0-1.el9_0.s390x.rpm SHA-256: f8f85eb83a3a8ecec29c298c18d3c1186f3ead5735196c3a31c58257ba2993a5
firefox-debugsource-115.7.0-1.el9_0.s390x.rpm SHA-256: a1a37a71fd5f345b35d728d0bcabc32033803c088d04e6e556dccfdf16b60f8d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
ppc64le
firefox-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 25b9010477806a5488b99b021734986dc2385bdf38cc2716d82051ed1f533838
firefox-debuginfo-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 1efd8958438ceae723c85859ddb5594e7b0ba0f00d06f70d61de95e6a797f701
firefox-debugsource-115.7.0-1.el9_0.ppc64le.rpm SHA-256: a1dfd02e4fb43526d74c6fabae992de98554b20e7b2f87054f2be72dbe535fdd

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
aarch64
firefox-115.7.0-1.el9_0.aarch64.rpm SHA-256: 120b22692b00d6b56352c7272f069c147a53966137472da1776c40c2b7a0aeb2
firefox-debuginfo-115.7.0-1.el9_0.aarch64.rpm SHA-256: 3bfb09e48682b47061622e8f0347110bf09d85c7e11c1092e826a08cdab9def6
firefox-debugsource-115.7.0-1.el9_0.aarch64.rpm SHA-256: 94a39180df62cbd26bb9f757c4c39edb05074a76753cc0c92a4a277e68826d73

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
ppc64le
firefox-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 25b9010477806a5488b99b021734986dc2385bdf38cc2716d82051ed1f533838
firefox-debuginfo-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 1efd8958438ceae723c85859ddb5594e7b0ba0f00d06f70d61de95e6a797f701
firefox-debugsource-115.7.0-1.el9_0.ppc64le.rpm SHA-256: a1dfd02e4fb43526d74c6fabae992de98554b20e7b2f87054f2be72dbe535fdd

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
x86_64
firefox-115.7.0-1.el9_0.x86_64.rpm SHA-256: d1529429b24df70286114061d0d4442e05bf492024efeffff9f5b2b899dfec94
firefox-debuginfo-115.7.0-1.el9_0.x86_64.rpm SHA-256: dd95dfd1b7ecd9f6bfe74f1aa0203fbedeff19adf605a7053f38e42e290d3f53
firefox-debugsource-115.7.0-1.el9_0.x86_64.rpm SHA-256: 9d66c96e768fcda4f9e76c91e63ee52d0ebc6b0f2419f37a285475ae3ab048ce

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
aarch64
firefox-115.7.0-1.el9_0.aarch64.rpm SHA-256: 120b22692b00d6b56352c7272f069c147a53966137472da1776c40c2b7a0aeb2
firefox-debuginfo-115.7.0-1.el9_0.aarch64.rpm SHA-256: 3bfb09e48682b47061622e8f0347110bf09d85c7e11c1092e826a08cdab9def6
firefox-debugsource-115.7.0-1.el9_0.aarch64.rpm SHA-256: 94a39180df62cbd26bb9f757c4c39edb05074a76753cc0c92a4a277e68826d73

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
firefox-115.7.0-1.el9_0.src.rpm SHA-256: a34115595f92c619d61992ff4eeb04124abcd236c324cdd2e2392b96c68f0758
s390x
firefox-115.7.0-1.el9_0.s390x.rpm SHA-256: b4fdf2d77a7a915dc11afa50f9040e3d2151cc5c133b4da0c3ea1b859d71da41
firefox-debuginfo-115.7.0-1.el9_0.s390x.rpm SHA-256: f8f85eb83a3a8ecec29c298c18d3c1186f3ead5735196c3a31c58257ba2993a5
firefox-debugsource-115.7.0-1.el9_0.s390x.rpm SHA-256: a1a37a71fd5f345b35d728d0bcabc32033803c088d04e6e556dccfdf16b60f8d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.