Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:0955 - Security Advisory
Issued:
2024-02-26
Updated:
2024-02-26

RHSA-2024:0955 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

  • Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
  • Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
  • Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
  • Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
  • Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
  • Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
  • Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
  • Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2265349 - CVE-2024-1546 Mozilla: Out-of-bounds memory read in networking channels
  • BZ - 2265350 - CVE-2024-1547 Mozilla: Alert dialog could have been spoofed on another site
  • BZ - 2265351 - CVE-2024-1548 Mozilla: Fullscreen Notification could have been hidden by select element
  • BZ - 2265352 - CVE-2024-1549 Mozilla: Custom cursor could obscure the permission dialog
  • BZ - 2265353 - CVE-2024-1550 Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  • BZ - 2265354 - CVE-2024-1551 Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
  • BZ - 2265355 - CVE-2024-1552 Mozilla: Incorrect code generation on 32-bit ARM devices
  • BZ - 2265356 - CVE-2024-1553 Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

CVEs

  • CVE-2024-1546
  • CVE-2024-1547
  • CVE-2024-1548
  • CVE-2024-1549
  • CVE-2024-1550
  • CVE-2024-1551
  • CVE-2024-1552
  • CVE-2024-1553

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
firefox-115.8.0-1.el8_9.src.rpm SHA-256: 57e6cdea2db59cb342841d9b80bc1f56ecdf0218d6e22c92fabcda25dd0aa4d0
x86_64
firefox-115.8.0-1.el8_9.x86_64.rpm SHA-256: 0fe9a0194ebf229d54ce310ba56d2d98ed12f6b4cd30cb1cb5bd3af69e0e6056
firefox-debuginfo-115.8.0-1.el8_9.x86_64.rpm SHA-256: 4002ab2bbfb5d3b9eca40bfab79d9ee2035448b268006795e10b1327c455f588
firefox-debugsource-115.8.0-1.el8_9.x86_64.rpm SHA-256: aa22bc5554f179c8745c02a180ae1dbbdf77ad0de01ffa685a2830ec7eb0ca0b

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
firefox-115.8.0-1.el8_9.src.rpm SHA-256: 57e6cdea2db59cb342841d9b80bc1f56ecdf0218d6e22c92fabcda25dd0aa4d0
s390x
firefox-115.8.0-1.el8_9.s390x.rpm SHA-256: f913b3b48e195bbccde678fcf57f7ed67a62d7e448092f951acb1dddcbf43c16
firefox-debuginfo-115.8.0-1.el8_9.s390x.rpm SHA-256: 41b3784049250714600ad73bfea211898033c5a043c669799bb8a1a592933c51
firefox-debugsource-115.8.0-1.el8_9.s390x.rpm SHA-256: c7fbde4a64a8410f31362f4d5ebce2548b86ccdd2bbaca76520857a8f808871a

Red Hat Enterprise Linux for Power, little endian 8

SRPM
firefox-115.8.0-1.el8_9.src.rpm SHA-256: 57e6cdea2db59cb342841d9b80bc1f56ecdf0218d6e22c92fabcda25dd0aa4d0
ppc64le
firefox-115.8.0-1.el8_9.ppc64le.rpm SHA-256: 4b31307b6ea19f2618bf65b12e2579f7adf0b30cabe8a3855e89eb88dc27c340
firefox-debuginfo-115.8.0-1.el8_9.ppc64le.rpm SHA-256: b14e6999704f2c7792269de0fa85a7d7fbbe0131a47610cdd00e4ed9649fa53f
firefox-debugsource-115.8.0-1.el8_9.ppc64le.rpm SHA-256: c6c67c16de365ffa98eafc9cfe82c36c127ff813d8cfe4ba3458769d5fb2a777

Red Hat Enterprise Linux for ARM 64 8

SRPM
firefox-115.8.0-1.el8_9.src.rpm SHA-256: 57e6cdea2db59cb342841d9b80bc1f56ecdf0218d6e22c92fabcda25dd0aa4d0
aarch64
firefox-115.8.0-1.el8_9.aarch64.rpm SHA-256: 2e1f5612334b30f396304d740f00f05c5645f0e39219b50c3cdf6e67563103b1
firefox-debuginfo-115.8.0-1.el8_9.aarch64.rpm SHA-256: 6e91c1fbc6bac7a55ad052226cc1af28f1a9a67f1a73eb38d850e3a3d1d31cde
firefox-debugsource-115.8.0-1.el8_9.aarch64.rpm SHA-256: 6eb0b0393caef07f10d5f825b0154af77ed1b63e80fc6feb558987f1ebbe287c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility