Red Hat Product Errata RHSA-2024:8031 - Security Advisory
Issued:
2024-10-14
Updated:
2024-10-14

RHSA-2024:8031 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2317442 - CVE-2024-9680 firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill)

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
x86_64
firefox-128.3.1-2.el9_2.x86_64.rpm SHA-256: a49f86c2593e6a5c9a0ee813152bb16b1848858609361ccc666117303c90eca8
firefox-debuginfo-128.3.1-2.el9_2.x86_64.rpm SHA-256: 12f9830a65e37595f3dd53fcb08c8e5baffceb828a3261edc113736fd16c6a90
firefox-debugsource-128.3.1-2.el9_2.x86_64.rpm SHA-256: 8d9ecae6300044af32fd00f5527a374f42f283f28da279af5debbb60cdadf6bb
firefox-x11-128.3.1-2.el9_2.x86_64.rpm SHA-256: d787acc3ad752eadfbc5d60931a9123ab09f85586a51046a34c8cd754d3b0b21

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
x86_64
firefox-128.3.1-2.el9_2.x86_64.rpm SHA-256: a49f86c2593e6a5c9a0ee813152bb16b1848858609361ccc666117303c90eca8
firefox-debuginfo-128.3.1-2.el9_2.x86_64.rpm SHA-256: 12f9830a65e37595f3dd53fcb08c8e5baffceb828a3261edc113736fd16c6a90
firefox-debugsource-128.3.1-2.el9_2.x86_64.rpm SHA-256: 8d9ecae6300044af32fd00f5527a374f42f283f28da279af5debbb60cdadf6bb
firefox-x11-128.3.1-2.el9_2.x86_64.rpm SHA-256: d787acc3ad752eadfbc5d60931a9123ab09f85586a51046a34c8cd754d3b0b21

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
s390x
firefox-128.3.1-2.el9_2.s390x.rpm SHA-256: 9c34915b9111aabbc67bfe4de77015084894ff68ff6e04d6e278d6fedc07eb76
firefox-debuginfo-128.3.1-2.el9_2.s390x.rpm SHA-256: ea3c7edb8cdfa21e7df1660bb4ad6f110886d8524cf1ffaf0982cdb332078cb6
firefox-debugsource-128.3.1-2.el9_2.s390x.rpm SHA-256: 6ee0fb83854685a1b4a1bb12c256a9cab2d031cfa1844c04d6eb051d5d26ea5b
firefox-x11-128.3.1-2.el9_2.s390x.rpm SHA-256: 7dcbd4509ab536fc656668ecb4bc5e710226f49a10f293dbc0b9c3fad82c1b95

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
ppc64le
firefox-128.3.1-2.el9_2.ppc64le.rpm SHA-256: 357d04239374d4ae4ae3de0941d972404bc740c06f1de8b685e42fa1122c2cfb
firefox-debuginfo-128.3.1-2.el9_2.ppc64le.rpm SHA-256: eb2e110a7314ddf54016bcb78be6adefc7373f91dfc55ba19264bfd9406c3d37
firefox-debugsource-128.3.1-2.el9_2.ppc64le.rpm SHA-256: 8df095cad79ec1a4d74138cd4af90c7b7dd3bd7efaceace46e4e642bf081ec6e
firefox-x11-128.3.1-2.el9_2.ppc64le.rpm SHA-256: 3cc966a5d3b2ccac797523a37280097945c353821bd73561589a21d60aac3488

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
aarch64
firefox-128.3.1-2.el9_2.aarch64.rpm SHA-256: b3d40374ee721a4cf113c97bfeec050453b403135c24d9a34a1d6dde657073b9
firefox-debuginfo-128.3.1-2.el9_2.aarch64.rpm SHA-256: ea0bcc76a41ef2d326e21bcd426356f41b91a611b53f28e682df30fe97f4b080
firefox-debugsource-128.3.1-2.el9_2.aarch64.rpm SHA-256: 8060cda39d92c2b67759e1362d91f78ccf446189d5bc0669ba2085403ff266d8
firefox-x11-128.3.1-2.el9_2.aarch64.rpm SHA-256: 17c62e461bde0bf551d7e82abbbb90f07464cff34c59a4907e67f86bde182e03

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
ppc64le
firefox-128.3.1-2.el9_2.ppc64le.rpm SHA-256: 357d04239374d4ae4ae3de0941d972404bc740c06f1de8b685e42fa1122c2cfb
firefox-debuginfo-128.3.1-2.el9_2.ppc64le.rpm SHA-256: eb2e110a7314ddf54016bcb78be6adefc7373f91dfc55ba19264bfd9406c3d37
firefox-debugsource-128.3.1-2.el9_2.ppc64le.rpm SHA-256: 8df095cad79ec1a4d74138cd4af90c7b7dd3bd7efaceace46e4e642bf081ec6e
firefox-x11-128.3.1-2.el9_2.ppc64le.rpm SHA-256: 3cc966a5d3b2ccac797523a37280097945c353821bd73561589a21d60aac3488

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
x86_64
firefox-128.3.1-2.el9_2.x86_64.rpm SHA-256: a49f86c2593e6a5c9a0ee813152bb16b1848858609361ccc666117303c90eca8
firefox-debuginfo-128.3.1-2.el9_2.x86_64.rpm SHA-256: 12f9830a65e37595f3dd53fcb08c8e5baffceb828a3261edc113736fd16c6a90
firefox-debugsource-128.3.1-2.el9_2.x86_64.rpm SHA-256: 8d9ecae6300044af32fd00f5527a374f42f283f28da279af5debbb60cdadf6bb
firefox-x11-128.3.1-2.el9_2.x86_64.rpm SHA-256: d787acc3ad752eadfbc5d60931a9123ab09f85586a51046a34c8cd754d3b0b21

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
aarch64
firefox-128.3.1-2.el9_2.aarch64.rpm SHA-256: b3d40374ee721a4cf113c97bfeec050453b403135c24d9a34a1d6dde657073b9
firefox-debuginfo-128.3.1-2.el9_2.aarch64.rpm SHA-256: ea0bcc76a41ef2d326e21bcd426356f41b91a611b53f28e682df30fe97f4b080
firefox-debugsource-128.3.1-2.el9_2.aarch64.rpm SHA-256: 8060cda39d92c2b67759e1362d91f78ccf446189d5bc0669ba2085403ff266d8
firefox-x11-128.3.1-2.el9_2.aarch64.rpm SHA-256: 17c62e461bde0bf551d7e82abbbb90f07464cff34c59a4907e67f86bde182e03

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
firefox-128.3.1-2.el9_2.src.rpm SHA-256: 6f7d51aeab694e996e2395d86cc2372f1d7db98549cab40020abd709b20fe293
s390x
firefox-128.3.1-2.el9_2.s390x.rpm SHA-256: 9c34915b9111aabbc67bfe4de77015084894ff68ff6e04d6e278d6fedc07eb76
firefox-debuginfo-128.3.1-2.el9_2.s390x.rpm SHA-256: ea3c7edb8cdfa21e7df1660bb4ad6f110886d8524cf1ffaf0982cdb332078cb6
firefox-debugsource-128.3.1-2.el9_2.s390x.rpm SHA-256: 6ee0fb83854685a1b4a1bb12c256a9cab2d031cfa1844c04d6eb051d5d26ea5b
firefox-x11-128.3.1-2.el9_2.s390x.rpm SHA-256: 7dcbd4509ab536fc656668ecb4bc5e710226f49a10f293dbc0b9c3fad82c1b95

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.