Issued:: 2024-10-14
Updated:: 2024-10-14

RHSA-2024:8034 - Security Advisory

Overview
Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x

Fixes

BZ - 2317442 - CVE-2024-9680 firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill)

CVEs

CVE-2024-9680

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
firefox-128.3.1-2.el7_9.src.rpm	SHA-256: 5b9a027f691a01e16fbe655fda5fd9ae98c697193d2bf0caa9b19d3b61b82e66
x86_64
firefox-128.3.1-2.el7_9.x86_64.rpm	SHA-256: 459063649a47af94f571867c7e5ad9ba478f4f50ad630e1191a2ccfd179491f7
firefox-debuginfo-128.3.1-2.el7_9.x86_64.rpm	SHA-256: 8339f13eb928f05e66deea14f8c50b6c1127b69eb58365f68377a677da887e59

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
firefox-128.3.1-2.el7_9.src.rpm	SHA-256: 5b9a027f691a01e16fbe655fda5fd9ae98c697193d2bf0caa9b19d3b61b82e66
s390x
firefox-128.3.1-2.el7_9.s390x.rpm	SHA-256: 64fff27cde801112ff9bea92a9e531720248808bf5c7d73d485609b715dfd3db
firefox-debuginfo-128.3.1-2.el7_9.s390x.rpm	SHA-256: 2df6fafe93fa04603e2cd015295cb17958dba4c2cf6b61271cb1ce9751f4b674

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
firefox-128.3.1-2.el7_9.src.rpm	SHA-256: 5b9a027f691a01e16fbe655fda5fd9ae98c697193d2bf0caa9b19d3b61b82e66
ppc64

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
firefox-128.3.1-2.el7_9.src.rpm	SHA-256: 5b9a027f691a01e16fbe655fda5fd9ae98c697193d2bf0caa9b19d3b61b82e66
ppc64le

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation