-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:3835-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3835
Issue date: 2020-09-24
CVE Names: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678
=====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 78.3.0 ESR.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
(CVE-2020-15673)
* Mozilla: XSS when pasting attacker-controlled data into a contenteditable
element (CVE-2020-15676)
* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)
* Mozilla: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
(CVE-2020-15678)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1881664 - CVE-2020-15677 Mozilla: Download origin spoofing via redirect
1881665 - CVE-2020-15676 Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
1881666 - CVE-2020-15678 Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
1881667 - CVE-2020-15673 Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
firefox-78.3.0-1.el6_10.src.rpm
i386:
firefox-78.3.0-1.el6_10.i686.rpm
x86_64:
firefox-78.3.0-1.el6_10.x86_64.rpm
firefox-debuginfo-78.3.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
x86_64:
firefox-78.3.0-1.el6_10.i686.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
firefox-78.3.0-1.el6_10.src.rpm
x86_64:
firefox-78.3.0-1.el6_10.i686.rpm
firefox-78.3.0-1.el6_10.x86_64.rpm
firefox-debuginfo-78.3.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
firefox-78.3.0-1.el6_10.src.rpm
i386:
firefox-78.3.0-1.el6_10.i686.rpm
ppc64:
firefox-78.3.0-1.el6_10.ppc64.rpm
firefox-debuginfo-78.3.0-1.el6_10.ppc64.rpm
s390x:
firefox-78.3.0-1.el6_10.s390x.rpm
firefox-debuginfo-78.3.0-1.el6_10.s390x.rpm
x86_64:
firefox-78.3.0-1.el6_10.x86_64.rpm
firefox-debuginfo-78.3.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
x86_64:
firefox-78.3.0-1.el6_10.i686.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
firefox-78.3.0-1.el6_10.src.rpm
i386:
firefox-78.3.0-1.el6_10.i686.rpm
x86_64:
firefox-78.3.0-1.el6_10.x86_64.rpm
firefox-debuginfo-78.3.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
x86_64:
firefox-78.3.0-1.el6_10.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15673
https://access.redhat.com/security/cve/CVE-2020-15676
https://access.redhat.com/security/cve/CVE-2020-15677
https://access.redhat.com/security/cve/CVE-2020-15678
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-- 
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:3832-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3832
Issue date: 2020-09-24
CVE Names: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678
=====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 78.3.0 ESR.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
(CVE-2020-15673)
* Mozilla: XSS when pasting attacker-controlled data into a contenteditable
element (CVE-2020-15676)
* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)
* Mozilla: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
(CVE-2020-15678)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1881664 - CVE-2020-15677 Mozilla: Download origin spoofing via redirect
1881665 - CVE-2020-15676 Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
1881666 - CVE-2020-15678 Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
1881667 - CVE-2020-15673 Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
firefox-78.3.0-1.el8_2.src.rpm
aarch64:
firefox-78.3.0-1.el8_2.aarch64.rpm
firefox-debuginfo-78.3.0-1.el8_2.aarch64.rpm
firefox-debugsource-78.3.0-1.el8_2.aarch64.rpm
ppc64le:
firefox-78.3.0-1.el8_2.ppc64le.rpm
firefox-debuginfo-78.3.0-1.el8_2.ppc64le.rpm
firefox-debugsource-78.3.0-1.el8_2.ppc64le.rpm
s390x:
firefox-78.3.0-1.el8_2.s390x.rpm
firefox-debuginfo-78.3.0-1.el8_2.s390x.rpm
firefox-debugsource-78.3.0-1.el8_2.s390x.rpm
x86_64:
firefox-78.3.0-1.el8_2.x86_64.rpm
firefox-debuginfo-78.3.0-1.el8_2.x86_64.rpm
firefox-debugsource-78.3.0-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15673
https://access.redhat.com/security/cve/CVE-2020-15676
https://access.redhat.com/security/cve/CVE-2020-15677
https://access.redhat.com/security/cve/CVE-2020-15678
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:3833-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3833
Issue date: 2020-09-24
CVE Names: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678
=====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 78.3.0 ESR.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
(CVE-2020-15673)
* Mozilla: XSS when pasting attacker-controlled data into a contenteditable
element (CVE-2020-15676)
* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)
* Mozilla: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
(CVE-2020-15678)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1881664 - CVE-2020-15677 Mozilla: Download origin spoofing via redirect
1881665 - CVE-2020-15676 Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
1881666 - CVE-2020-15678 Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
1881667 - CVE-2020-15673 Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
firefox-78.3.0-1.el8_1.src.rpm
aarch64:
firefox-78.3.0-1.el8_1.aarch64.rpm
firefox-debuginfo-78.3.0-1.el8_1.aarch64.rpm
firefox-debugsource-78.3.0-1.el8_1.aarch64.rpm
ppc64le:
firefox-78.3.0-1.el8_1.ppc64le.rpm
firefox-debuginfo-78.3.0-1.el8_1.ppc64le.rpm
firefox-debugsource-78.3.0-1.el8_1.ppc64le.rpm
s390x:
firefox-78.3.0-1.el8_1.s390x.rpm
firefox-debuginfo-78.3.0-1.el8_1.s390x.rpm
firefox-debugsource-78.3.0-1.el8_1.s390x.rpm
x86_64:
firefox-78.3.0-1.el8_1.x86_64.rpm
firefox-debuginfo-78.3.0-1.el8_1.x86_64.rpm
firefox-debugsource-78.3.0-1.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15673
https://access.redhat.com/security/cve/CVE-2020-15676
https://access.redhat.com/security/cve/CVE-2020-15677
https://access.redhat.com/security/cve/CVE-2020-15678
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2020:3836-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3836
Issue date: 2020-09-24
CVE Names: CVE-2017-2647
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: Null pointer dereference in search_keyring (CVE-2017-2647)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1428353 - CVE-2017-2647 kernel: Null pointer dereference in search_keyring
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 6.6):
Source:
kernel-2.6.32-504.84.1.el6.src.rpm
noarch:
kernel-abi-whitelists-2.6.32-504.84.1.el6.noarch.rpm
kernel-doc-2.6.32-504.84.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.84.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-504.84.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.84.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.84.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.84.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.84.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.84.1.el6.x86_64.rpm
perf-2.6.32-504.84.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.6):
x86_64:
kernel-debug-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.84.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
python-perf-2.6.32-504.84.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.84.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2017-2647
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:3834-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3834
Issue date: 2020-09-24
CVE Names: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678
=====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 78.3.0 ESR.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
(CVE-2020-15673)
* Mozilla: XSS when pasting attacker-controlled data into a contenteditable
element (CVE-2020-15676)
* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)
* Mozilla: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
(CVE-2020-15678)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1881664 - CVE-2020-15677 Mozilla: Download origin spoofing via redirect
1881665 - CVE-2020-15676 Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
1881666 - CVE-2020-15678 Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
1881667 - CVE-2020-15673 Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
6. Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.0):
Source:
firefox-78.3.0-1.el8_0.src.rpm
aarch64:
firefox-78.3.0-1.el8_0.aarch64.rpm
firefox-debuginfo-78.3.0-1.el8_0.aarch64.rpm
firefox-debugsource-78.3.0-1.el8_0.aarch64.rpm
ppc64le:
firefox-78.3.0-1.el8_0.ppc64le.rpm
firefox-debuginfo-78.3.0-1.el8_0.ppc64le.rpm
firefox-debugsource-78.3.0-1.el8_0.ppc64le.rpm
s390x:
firefox-78.3.0-1.el8_0.s390x.rpm
firefox-debuginfo-78.3.0-1.el8_0.s390x.rpm
firefox-debugsource-78.3.0-1.el8_0.s390x.rpm
x86_64:
firefox-78.3.0-1.el8_0.x86_64.rpm
firefox-debuginfo-78.3.0-1.el8_0.x86_64.rpm
firefox-debugsource-78.3.0-1.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
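Added example (not Red Hat's tooling): a check that takes package file names from the package lists in the advisories above (firefox from RHSA-2020:3835, kernel from RHSA-2020:3836) and compares them with installed packages using rpm's own version-ordering rules, reporting anything still below the fixed build. The installed-package sample is constructed; on a real host it would come from `rpm -qa`.

```python
import re
from itertools import zip_longest

# Fixed builds copied from the package lists above (RHSA-2020:3835 firefox on
# RHEL 6, RHSA-2020:3836 kernel on RHEL 6.6 AUS).
ADVISORY_PACKAGES = ["firefox-78.3.0-1.el6_10.x86_64.rpm",
                     "kernel-2.6.32-504.84.1.el6.x86_64.rpm"]
# Constructed sample of `rpm -qa` output (name-version-release.arch); not real host data.
INSTALLED_SAMPLE = ["firefox-68.12.0-1.el6_10.x86_64",
                    "kernel-2.6.32-504.84.1.el6.x86_64",  # fixed kernel installed
                    "kernel-2.6.32-504.80.1.el6.x86_64",  # older kernel still present
                    "bash-4.1.2-48.el6.x86_64"]           # not covered by the advisory

def parse_nvra(s):
    """'name-version-release.arch[.rpm]' -> (name, ver, rel, arch).
    Names may contain dashes (kernel-debuginfo-common-x86_64), so split from the right."""
    if s.endswith(".rpm"):
        s = s[:-4]
    nvr, arch = s.rsplit(".", 1)
    name, ver, rel = nvr.rsplit("-", 2)
    return name, ver, rel, arch

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1/0/1 as a is older/equal/newer than b.
    Numeric segments compare as numbers and beat alphabetic ones, '~' sorts
    before anything (even end of string), leftover segments win. '^' omitted."""
    sa, sb = (re.findall(r"~|\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip_longest(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x is None or y is None:
            return 1 if y is None else -1
        xn, yn = x.isdigit(), y.isdigit()
        if xn != yn:
            return 1 if xn else -1
        if xn:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0

def unpatched(installed, advisory):
    """(name, arch, installed VR, fixed VR) for each installed package the advisory
    covers that is older than the fixed build. Epoch is ignored (the lists carry
    none); for kernels, the running one (uname -r) is what actually counts."""
    fixed = {}
    for pkg in advisory:
        n, v, r, arch = parse_nvra(pkg)
        fixed[(n, arch)] = (v, r)
    out = []
    for pkg in installed:
        n, v, r, arch = parse_nvra(pkg)
        want = fixed.get((n, arch))
        if want and (rpmvercmp(v, want[0]) or rpmvercmp(r, want[1])) < 0:
            out.append((n, arch, v + "-" + r, want[0] + "-" + want[1]))
    return out
```

Plain string comparison would rank "68.12.0" above "78.3.0" in some segment orders and "9" above "10"; the rpm rules avoid that.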
7. References:
https://access.redhat.com/security/cve/CVE-2020-15673
https://access.redhat.com/security/cve/CVE-2020-15676
https://access.redhat.com/security/cve/CVE-2020-15677
https://access.redhat.com/security/cve/CVE-2020-15678
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.