Issued:: 2024-10-02
Updated:: 2024-10-02

RHSA-2024:7505 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: 115.16/128.3 ESR ()
firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)
firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9402)
firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)
firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

BZ - 2314430 - firefox: 115.16/128.3 ESR
BZ - 2315950 - CVE-2024-9401 firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
BZ - 2315951 - CVE-2024-9402 firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
BZ - 2315956 - CVE-2024-9393 firefox: thunderbird: Cross-origin access to PDF contents through multipart responses
BZ - 2315957 - CVE-2024-9394 firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
BZ - 2315959 - CVE-2024-9392 firefox: thunderbird: Compromised content process can bypass site isolation

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
x86_64
firefox-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 989de4b8ee0aa48c44e30000b08593a2e07ef9d3ef97d5efaf9fc157f30a50e9
firefox-debuginfo-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 69d05c14691b782f715dd7a7be691b7da9f4b37c5c34d1c29edb8ce7d0d55406
firefox-debugsource-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 8046b2d314a5233eca5032c3d08b6d76401f78f768328612386ba1dc05127634
firefox-x11-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 22387a0ca0d11627f17430b7a6160418d50002dbe4d73a34d25faa48b70d8f4e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
x86_64
firefox-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 989de4b8ee0aa48c44e30000b08593a2e07ef9d3ef97d5efaf9fc157f30a50e9
firefox-debuginfo-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 69d05c14691b782f715dd7a7be691b7da9f4b37c5c34d1c29edb8ce7d0d55406
firefox-debugsource-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 8046b2d314a5233eca5032c3d08b6d76401f78f768328612386ba1dc05127634
firefox-x11-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 22387a0ca0d11627f17430b7a6160418d50002dbe4d73a34d25faa48b70d8f4e

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
x86_64
firefox-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 989de4b8ee0aa48c44e30000b08593a2e07ef9d3ef97d5efaf9fc157f30a50e9
firefox-debuginfo-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 69d05c14691b782f715dd7a7be691b7da9f4b37c5c34d1c29edb8ce7d0d55406
firefox-debugsource-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 8046b2d314a5233eca5032c3d08b6d76401f78f768328612386ba1dc05127634
firefox-x11-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 22387a0ca0d11627f17430b7a6160418d50002dbe4d73a34d25faa48b70d8f4e

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
s390x
firefox-128.3.0-1.el9_4.s390x.rpm	SHA-256: 6672f339f5682971137d2cf937ecbce80eb9ebb5c6b40c49cd7e4ce48f6d387c
firefox-debuginfo-128.3.0-1.el9_4.s390x.rpm	SHA-256: 5ba547e02a0fc0b0c794551889d9654902bb9e1e682554c0f759577cda08339b
firefox-debugsource-128.3.0-1.el9_4.s390x.rpm	SHA-256: 776c2fd2adb2895c7042a5106678108fd9bf20274afb7777e3fa9e2718531c34
firefox-x11-128.3.0-1.el9_4.s390x.rpm	SHA-256: a3b5dfec584ac9f62c950f2b60f69750370cb1be6c037eabf404fcbc96748120

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
s390x
firefox-128.3.0-1.el9_4.s390x.rpm	SHA-256: 6672f339f5682971137d2cf937ecbce80eb9ebb5c6b40c49cd7e4ce48f6d387c
firefox-debuginfo-128.3.0-1.el9_4.s390x.rpm	SHA-256: 5ba547e02a0fc0b0c794551889d9654902bb9e1e682554c0f759577cda08339b
firefox-debugsource-128.3.0-1.el9_4.s390x.rpm	SHA-256: 776c2fd2adb2895c7042a5106678108fd9bf20274afb7777e3fa9e2718531c34
firefox-x11-128.3.0-1.el9_4.s390x.rpm	SHA-256: a3b5dfec584ac9f62c950f2b60f69750370cb1be6c037eabf404fcbc96748120

Red Hat Enterprise Linux for Power, little endian 9

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
ppc64le
firefox-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: c452539087ac07a0cd6ae7c52ef45fe23f83546bb139da28ffbc45e2519c3457
firefox-debuginfo-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: a26a54b26b0067ca4b6cc0b8a5465f6ebb1c38af9e616c4e029b599e962a2813
firefox-debugsource-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: ecb15f8864039aff6a350cd3cb7abdaaea06d916632dbf1abb62cf4e829d3fc6
firefox-x11-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: 45f4515f43ee3316a7d1ae8bb13af7ca535f122cc48012cf034996f3d77fe698

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
ppc64le
firefox-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: c452539087ac07a0cd6ae7c52ef45fe23f83546bb139da28ffbc45e2519c3457
firefox-debuginfo-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: a26a54b26b0067ca4b6cc0b8a5465f6ebb1c38af9e616c4e029b599e962a2813
firefox-debugsource-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: ecb15f8864039aff6a350cd3cb7abdaaea06d916632dbf1abb62cf4e829d3fc6
firefox-x11-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: 45f4515f43ee3316a7d1ae8bb13af7ca535f122cc48012cf034996f3d77fe698

Red Hat Enterprise Linux for ARM 64 9

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
aarch64
firefox-128.3.0-1.el9_4.aarch64.rpm	SHA-256: 15a228a462e98fff2a2c16c50a3dee8b350a3afe497849877507be60aa6defef
firefox-debuginfo-128.3.0-1.el9_4.aarch64.rpm	SHA-256: 8851ff056a7eb8b001e8bcfafa609d0972434f9879acba962d3d67a944eb56a0
firefox-debugsource-128.3.0-1.el9_4.aarch64.rpm	SHA-256: ce0c5b862b399b769bb64608c3cdf018c4169fb5fa4bfb1d343baf2eb9485790
firefox-x11-128.3.0-1.el9_4.aarch64.rpm	SHA-256: b13a521dbf13a1b87f28f02232a6d1843a186affaddd07dc7af0a785c5725c68

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
aarch64
firefox-128.3.0-1.el9_4.aarch64.rpm	SHA-256: 15a228a462e98fff2a2c16c50a3dee8b350a3afe497849877507be60aa6defef
firefox-debuginfo-128.3.0-1.el9_4.aarch64.rpm	SHA-256: 8851ff056a7eb8b001e8bcfafa609d0972434f9879acba962d3d67a944eb56a0
firefox-debugsource-128.3.0-1.el9_4.aarch64.rpm	SHA-256: ce0c5b862b399b769bb64608c3cdf018c4169fb5fa4bfb1d343baf2eb9485790
firefox-x11-128.3.0-1.el9_4.aarch64.rpm	SHA-256: b13a521dbf13a1b87f28f02232a6d1843a186affaddd07dc7af0a785c5725c68

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
ppc64le
firefox-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: c452539087ac07a0cd6ae7c52ef45fe23f83546bb139da28ffbc45e2519c3457
firefox-debuginfo-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: a26a54b26b0067ca4b6cc0b8a5465f6ebb1c38af9e616c4e029b599e962a2813
firefox-debugsource-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: ecb15f8864039aff6a350cd3cb7abdaaea06d916632dbf1abb62cf4e829d3fc6
firefox-x11-128.3.0-1.el9_4.ppc64le.rpm	SHA-256: 45f4515f43ee3316a7d1ae8bb13af7ca535f122cc48012cf034996f3d77fe698

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
x86_64
firefox-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 989de4b8ee0aa48c44e30000b08593a2e07ef9d3ef97d5efaf9fc157f30a50e9
firefox-debuginfo-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 69d05c14691b782f715dd7a7be691b7da9f4b37c5c34d1c29edb8ce7d0d55406
firefox-debugsource-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 8046b2d314a5233eca5032c3d08b6d76401f78f768328612386ba1dc05127634
firefox-x11-128.3.0-1.el9_4.x86_64.rpm	SHA-256: 22387a0ca0d11627f17430b7a6160418d50002dbe4d73a34d25faa48b70d8f4e

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
aarch64
firefox-128.3.0-1.el9_4.aarch64.rpm	SHA-256: 15a228a462e98fff2a2c16c50a3dee8b350a3afe497849877507be60aa6defef
firefox-debuginfo-128.3.0-1.el9_4.aarch64.rpm	SHA-256: 8851ff056a7eb8b001e8bcfafa609d0972434f9879acba962d3d67a944eb56a0
firefox-debugsource-128.3.0-1.el9_4.aarch64.rpm	SHA-256: ce0c5b862b399b769bb64608c3cdf018c4169fb5fa4bfb1d343baf2eb9485790
firefox-x11-128.3.0-1.el9_4.aarch64.rpm	SHA-256: b13a521dbf13a1b87f28f02232a6d1843a186affaddd07dc7af0a785c5725c68

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
firefox-128.3.0-1.el9_4.src.rpm	SHA-256: 7d6cb9bcb480310e69441c6f2cf766842af0898e9abe9ceec4f6e3314ea92f36
s390x
firefox-128.3.0-1.el9_4.s390x.rpm	SHA-256: 6672f339f5682971137d2cf937ecbce80eb9ebb5c6b40c49cd7e4ce48f6d387c
firefox-debuginfo-128.3.0-1.el9_4.s390x.rpm	SHA-256: 5ba547e02a0fc0b0c794551889d9654902bb9e1e682554c0f759577cda08339b
firefox-debugsource-128.3.0-1.el9_4.s390x.rpm	SHA-256: 776c2fd2adb2895c7042a5106678108fd9bf20274afb7777e3fa9e2718531c34
firefox-x11-128.3.0-1.el9_4.s390x.rpm	SHA-256: a3b5dfec584ac9f62c950f2b60f69750370cb1be6c037eabf404fcbc96748120

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation