Red Hat Product Errata RHSA-2024:1907 - Security Advisory
Issued:
2024-04-18
Updated:
2024-04-18

RHSA-2024:1907 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for Firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.10.0 ESR.

Security Fix(es):

  • GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
  • Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
  • Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
  • Permission prompt input delay could expire when not in focus (CVE-2024-2609)
  • Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
  • Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
  • Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2275547 - CVE-2024-3852 Mozilla: GetBoundName in the JIT returned the wrong object
  • BZ - 2275549 - CVE-2024-3854 Mozilla: Out-of-bounds-read after mis-optimized switch statement
  • BZ - 2275550 - CVE-2024-3857 Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
  • BZ - 2275551 - CVE-2024-2609 Mozilla: Permission prompt input delay could expire when not in focus
  • BZ - 2275552 - CVE-2024-3859 Mozilla: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  • BZ - 2275553 - CVE-2024-3861 Mozilla: Potential use-after-free due to AlignedBuffer self-move
  • BZ - 2275555 - CVE-2024-3864 Mozilla: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
x86_64
firefox-115.10.0-1.el9_0.x86_64.rpm SHA-256: ba1147ba1c9287d6d580688f23e65be9a789878f0fa2ceeefed8c79700405906
firefox-debuginfo-115.10.0-1.el9_0.x86_64.rpm SHA-256: 3dd7175786feb7825add824bc0b75df2e9cd79d14583ae397c295668a1d9246d
firefox-debugsource-115.10.0-1.el9_0.x86_64.rpm SHA-256: d32a020efddd10328cd1b7d342b8a594015f11e706254ca3739abb55bcdc2247

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
s390x
firefox-115.10.0-1.el9_0.s390x.rpm SHA-256: df7803ba77d5bc35ced5745374aae5600fb66b814c7b3afaa302a85838418951
firefox-debuginfo-115.10.0-1.el9_0.s390x.rpm SHA-256: 464690e4eac3a004001dfc49415fba8bf67cd23ed7bd35ae55ff386b9207372f
firefox-debugsource-115.10.0-1.el9_0.s390x.rpm SHA-256: c8189ee3e06ab475e8b556928f5f3c61b4bece52fc296c112ffa3faa72f318e0

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
ppc64le
firefox-115.10.0-1.el9_0.ppc64le.rpm SHA-256: b6e164af61651af613ef9a0a259fb2ae7cb0b7ad62818fd1a18733a8f625d4b8
firefox-debuginfo-115.10.0-1.el9_0.ppc64le.rpm SHA-256: 91bec412581c4bc75caba3b9323ea2b98b08b5e422228943b67551932dbc419c
firefox-debugsource-115.10.0-1.el9_0.ppc64le.rpm SHA-256: 24e45be8c368330b89c8b87f9e76545c020a96273e5f51fcf5d52e3106e6916b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
aarch64
firefox-115.10.0-1.el9_0.aarch64.rpm SHA-256: b789307c7c0250ed66fe44508a02e89c754b07f971fd1bd7d9b2220cb3849fe8
firefox-debuginfo-115.10.0-1.el9_0.aarch64.rpm SHA-256: d1d4411a17c5b93d83f2b18cee8af75427d234870e8b0f66fb7d27ada975dbf4
firefox-debugsource-115.10.0-1.el9_0.aarch64.rpm SHA-256: ef2ada24f5f8e2459c26cb61b0b7e8291e3df9aeaa15fcd6d3e7085b5de414b4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
ppc64le
firefox-115.10.0-1.el9_0.ppc64le.rpm SHA-256: b6e164af61651af613ef9a0a259fb2ae7cb0b7ad62818fd1a18733a8f625d4b8
firefox-debuginfo-115.10.0-1.el9_0.ppc64le.rpm SHA-256: 91bec412581c4bc75caba3b9323ea2b98b08b5e422228943b67551932dbc419c
firefox-debugsource-115.10.0-1.el9_0.ppc64le.rpm SHA-256: 24e45be8c368330b89c8b87f9e76545c020a96273e5f51fcf5d52e3106e6916b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
x86_64
firefox-115.10.0-1.el9_0.x86_64.rpm SHA-256: ba1147ba1c9287d6d580688f23e65be9a789878f0fa2ceeefed8c79700405906
firefox-debuginfo-115.10.0-1.el9_0.x86_64.rpm SHA-256: 3dd7175786feb7825add824bc0b75df2e9cd79d14583ae397c295668a1d9246d
firefox-debugsource-115.10.0-1.el9_0.x86_64.rpm SHA-256: d32a020efddd10328cd1b7d342b8a594015f11e706254ca3739abb55bcdc2247

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
aarch64
firefox-115.10.0-1.el9_0.aarch64.rpm SHA-256: b789307c7c0250ed66fe44508a02e89c754b07f971fd1bd7d9b2220cb3849fe8
firefox-debuginfo-115.10.0-1.el9_0.aarch64.rpm SHA-256: d1d4411a17c5b93d83f2b18cee8af75427d234870e8b0f66fb7d27ada975dbf4
firefox-debugsource-115.10.0-1.el9_0.aarch64.rpm SHA-256: ef2ada24f5f8e2459c26cb61b0b7e8291e3df9aeaa15fcd6d3e7085b5de414b4

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
firefox-115.10.0-1.el9_0.src.rpm SHA-256: 2169127d65ab4354e1345bd69aa981705912566ec625898eb84d868e82952738
s390x
firefox-115.10.0-1.el9_0.s390x.rpm SHA-256: df7803ba77d5bc35ced5745374aae5600fb66b814c7b3afaa302a85838418951
firefox-debuginfo-115.10.0-1.el9_0.s390x.rpm SHA-256: 464690e4eac3a004001dfc49415fba8bf67cd23ed7bd35ae55ff386b9207372f
firefox-debugsource-115.10.0-1.el9_0.s390x.rpm SHA-256: c8189ee3e06ab475e8b556928f5f3c61b4bece52fc296c112ffa3faa72f318e0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.