Issued:: 2024-03-25
Updated:: 2024-03-25

RHSA-2024:1484 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2243644 - CVE-2023-5388 nss: timing attack against RSA decryption
BZ - 2260012 - CVE-2024-0743 Mozilla: Crash in NSS TLS method
BZ - 2270660 - CVE-2024-2607 Mozilla: JIT code failed to save return registers on Armv7-A
BZ - 2270661 - CVE-2024-2608 Mozilla: Integer overflow could have led to out of bounds write
BZ - 2270662 - CVE-2024-2616 Mozilla: Improve handling of out-of-memory conditions in ICU
BZ - 2270663 - CVE-2024-2610 Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
BZ - 2270664 - CVE-2024-2611 Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions
BZ - 2270665 - CVE-2024-2612 Mozilla: Self referencing object could have potentially led to a use-after-free
BZ - 2270666 - CVE-2024-2614 Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
BZ - 2271064 - CVE-2024-29944 Mozilla: Privileged JavaScript Execution via Event Handlers

CVEs

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
firefox-115.9.1-1.el8_9.src.rpm	SHA-256: efc6e2587eb43d48cdaeb944bfb029ab262c064cd362c59315c8792baaf8df10
x86_64
firefox-115.9.1-1.el8_9.x86_64.rpm	SHA-256: e9297c54e50a60b3da12584064c1b81ce6d7a49afc460d09fffea81e965085a6
firefox-debuginfo-115.9.1-1.el8_9.x86_64.rpm	SHA-256: ae9891c4e43ddd890a0c0591806889e16b21f847f7d5984b3f16ae2428034b18
firefox-debugsource-115.9.1-1.el8_9.x86_64.rpm	SHA-256: 11fecadb59bb68acdd0f0710c8f20952e06a718581f50c55543db210315390d6

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
firefox-115.9.1-1.el8_9.src.rpm	SHA-256: efc6e2587eb43d48cdaeb944bfb029ab262c064cd362c59315c8792baaf8df10
s390x
firefox-115.9.1-1.el8_9.s390x.rpm	SHA-256: 62538b64fa3df9ba1f91793f9f6eda518496e98c68f6c7c100f030758a5d8ca9
firefox-debuginfo-115.9.1-1.el8_9.s390x.rpm	SHA-256: d25fcc909e3ec1e218f88721b0588b995b5f577b37fc4c1b06351553a908c4f1
firefox-debugsource-115.9.1-1.el8_9.s390x.rpm	SHA-256: 4e2db62feac3010cedead1bc5be62c6ec82d91238f0925e5616d917c3cde4810

Red Hat Enterprise Linux for Power, little endian 8

SRPM
firefox-115.9.1-1.el8_9.src.rpm	SHA-256: efc6e2587eb43d48cdaeb944bfb029ab262c064cd362c59315c8792baaf8df10
ppc64le
firefox-115.9.1-1.el8_9.ppc64le.rpm	SHA-256: 40e3a70b11201d31b3e3e93a5df50ea6c12ac41d000496e326b2f8a4d7f39729
firefox-debuginfo-115.9.1-1.el8_9.ppc64le.rpm	SHA-256: 2a6c816714851ebb876f174734003fd0e495896e1874030cdea85dcfdea14067
firefox-debugsource-115.9.1-1.el8_9.ppc64le.rpm	SHA-256: e77f20c41ef48c34ff5ac13bde56b721deec746d0e7fcc3b89bf33388252b325

Red Hat Enterprise Linux for ARM 64 8

SRPM
firefox-115.9.1-1.el8_9.src.rpm	SHA-256: efc6e2587eb43d48cdaeb944bfb029ab262c064cd362c59315c8792baaf8df10
aarch64
firefox-115.9.1-1.el8_9.aarch64.rpm	SHA-256: 623e72de95e940165115785644905672e41dcc344154744d98cd4065c26325d0
firefox-debuginfo-115.9.1-1.el8_9.aarch64.rpm	SHA-256: d20b2a6a2770644de9c94eee0409d35bfb6412fccc6ad09693cd9788d7eeedb2
firefox-debugsource-115.9.1-1.el8_9.aarch64.rpm	SHA-256: e359f92107f5a62906ed7dcf2f1a6f6488cf4c423ff4ade24a8bd0540ec3ecec

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation