Issued:: 2024-08-13
Updated:: 2024-08-13

RHSA-2024:5323 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

Firefox: 115.14/128.1 ESR ()
mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
mozilla: Type confusion in WebAssembly (CVE-2024-7520)
mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
mozilla: Out of bounds read in editor component (CVE-2024-7522)
mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)
mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
mozilla: Document content could partially obscure security prompts (CVE-2024-7529)
mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (CVE-2024-7531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

(none)

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
firefox-115.14.0-2.el8_2.src.rpm	SHA-256: 0789a5b7f7a2e013e7591b23d352544c4c19a525e7470c891028f1451b2cca9d
x86_64
firefox-115.14.0-2.el8_2.x86_64.rpm	SHA-256: 43fb1f93dd0ea70263afd12a20930acbc09bee7fdf62ac161a05641095b5f384
firefox-debuginfo-115.14.0-2.el8_2.x86_64.rpm	SHA-256: 5221198f8bfde78ab58fd7c6b7db56b33f74828b4a84fcec75e57e7419153a78
firefox-debugsource-115.14.0-2.el8_2.x86_64.rpm	SHA-256: 837fe17f50ab8f116dbde5e085365e65ff1ac80de3ebbf705bdb89baf2ae5a4e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation