Red Hat Product Errata RHSA-2024:0968 - Security Advisory
Issued:
2024-02-26
Updated:
2024-02-26

RHSA-2024:0968 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

  • Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
  • Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
  • Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
  • Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
  • Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
  • Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
  • Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
  • Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2265349 - CVE-2024-1546 Mozilla: Out-of-bounds memory read in networking channels
  • BZ - 2265350 - CVE-2024-1547 Mozilla: Alert dialog could have been spoofed on another site
  • BZ - 2265351 - CVE-2024-1548 Mozilla: Fullscreen Notification could have been hidden by select element
  • BZ - 2265352 - CVE-2024-1549 Mozilla: Custom cursor could obscure the permission dialog
  • BZ - 2265353 - CVE-2024-1550 Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  • BZ - 2265354 - CVE-2024-1551 Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
  • BZ - 2265355 - CVE-2024-1552 Mozilla: Incorrect code generation on 32-bit ARM devices
  • BZ - 2265356 - CVE-2024-1553 Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
x86_64
firefox-115.8.0-1.el9_0.x86_64.rpm SHA-256: 40cd007f3dbc4ae1e33f024534ead2e5d6c8dd55bb1128e11968d5e6ba94fd03
firefox-debuginfo-115.8.0-1.el9_0.x86_64.rpm SHA-256: e26c25bf8322f69041b24030da2b7d4fd3e552a041fe1f5803782c5a9691cb19
firefox-debugsource-115.8.0-1.el9_0.x86_64.rpm SHA-256: 4b6d6649a0b090420bc338f3ace9bf9f0f9975cc7a15fcbfd97e00ad3c0189c1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
s390x
firefox-115.8.0-1.el9_0.s390x.rpm SHA-256: 6c154fb29e31e94e6688304ce455edf02fc91114c12f50eb906a29124ea8e79b
firefox-debuginfo-115.8.0-1.el9_0.s390x.rpm SHA-256: 58b32616a1e31ce0f2dcbb6765087c14f73f55ab7eb3c2777e3f10e165bf22c5
firefox-debugsource-115.8.0-1.el9_0.s390x.rpm SHA-256: 1749a8f168f24cfde725f3115e27f7cf4aae3be26595b9b7aded697278f00aa7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
ppc64le
firefox-115.8.0-1.el9_0.ppc64le.rpm SHA-256: ac18eb071d6df9a542383c70a668438628a65c2864516871c0d160c905d962a2
firefox-debuginfo-115.8.0-1.el9_0.ppc64le.rpm SHA-256: dfa10d8cdff5e164c285a123555bd91e27172b85ca619c40a7db64339eedbcd7
firefox-debugsource-115.8.0-1.el9_0.ppc64le.rpm SHA-256: 51bd3e78b08237917f98dffdfe887d3e79504f06d0580cb0508d3ee3a106975a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
aarch64
firefox-115.8.0-1.el9_0.aarch64.rpm SHA-256: 73e21e64828b207a639249651245d9d60d1d8eb39566ae934a9d472f0be8f88d
firefox-debuginfo-115.8.0-1.el9_0.aarch64.rpm SHA-256: 33920be34d6c038d1141512ac000db38af6e4b215a19d494e835d439c87fa7d9
firefox-debugsource-115.8.0-1.el9_0.aarch64.rpm SHA-256: 3639e2f6832059f29c21cecfe490c3d9f1aa0a3eef724bdb6f5d95a537870733

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
ppc64le
firefox-115.8.0-1.el9_0.ppc64le.rpm SHA-256: ac18eb071d6df9a542383c70a668438628a65c2864516871c0d160c905d962a2
firefox-debuginfo-115.8.0-1.el9_0.ppc64le.rpm SHA-256: dfa10d8cdff5e164c285a123555bd91e27172b85ca619c40a7db64339eedbcd7
firefox-debugsource-115.8.0-1.el9_0.ppc64le.rpm SHA-256: 51bd3e78b08237917f98dffdfe887d3e79504f06d0580cb0508d3ee3a106975a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
x86_64
firefox-115.8.0-1.el9_0.x86_64.rpm SHA-256: 40cd007f3dbc4ae1e33f024534ead2e5d6c8dd55bb1128e11968d5e6ba94fd03
firefox-debuginfo-115.8.0-1.el9_0.x86_64.rpm SHA-256: e26c25bf8322f69041b24030da2b7d4fd3e552a041fe1f5803782c5a9691cb19
firefox-debugsource-115.8.0-1.el9_0.x86_64.rpm SHA-256: 4b6d6649a0b090420bc338f3ace9bf9f0f9975cc7a15fcbfd97e00ad3c0189c1

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
aarch64
firefox-115.8.0-1.el9_0.aarch64.rpm SHA-256: 73e21e64828b207a639249651245d9d60d1d8eb39566ae934a9d472f0be8f88d
firefox-debuginfo-115.8.0-1.el9_0.aarch64.rpm SHA-256: 33920be34d6c038d1141512ac000db38af6e4b215a19d494e835d439c87fa7d9
firefox-debugsource-115.8.0-1.el9_0.aarch64.rpm SHA-256: 3639e2f6832059f29c21cecfe490c3d9f1aa0a3eef724bdb6f5d95a537870733

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
firefox-115.8.0-1.el9_0.src.rpm SHA-256: 264673a46c7d64e663870f99af14d369d2854d3c6bddfa513578aae55c636f6f
s390x
firefox-115.8.0-1.el9_0.s390x.rpm SHA-256: 6c154fb29e31e94e6688304ce455edf02fc91114c12f50eb906a29124ea8e79b
firefox-debuginfo-115.8.0-1.el9_0.s390x.rpm SHA-256: 58b32616a1e31ce0f2dcbb6765087c14f73f55ab7eb3c2777e3f10e165bf22c5
firefox-debugsource-115.8.0-1.el9_0.s390x.rpm SHA-256: 1749a8f168f24cfde725f3115e27f7cf4aae3be26595b9b7aded697278f00aa7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.