You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa firefox

Sigurnosni nedostatak programskog paketa firefox

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2020:5104-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5104
Issue date: 2020-11-12
CVE Names: CVE-2020-26950
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) – i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) – x86_64
Red Hat Enterprise Linux Server (v. 6) – i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) – i386, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.4.1 ESR.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for
(CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1896306 – CVE-2020-26950 Mozilla: Write side effects in MCallGetProperty opcode not accounted for

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-78.4.1-1.el6_10.src.rpm

i386:
firefox-78.4.1-1.el6_10.i686.rpm

x86_64:
firefox-78.4.1-1.el6_10.x86_64.rpm
firefox-debuginfo-78.4.1-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-78.4.1-1.el6_10.src.rpm

x86_64:
firefox-78.4.1-1.el6_10.x86_64.rpm
firefox-debuginfo-78.4.1-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-78.4.1-1.el6_10.src.rpm

i386:
firefox-78.4.1-1.el6_10.i686.rpm

ppc64:
firefox-78.4.1-1.el6_10.ppc64.rpm
firefox-debuginfo-78.4.1-1.el6_10.ppc64.rpm

s390x:
firefox-78.4.1-1.el6_10.s390x.rpm
firefox-debuginfo-78.4.1-1.el6_10.s390x.rpm

x86_64:
firefox-78.4.1-1.el6_10.x86_64.rpm
firefox-debuginfo-78.4.1-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-78.4.1-1.el6_10.src.rpm

i386:
firefox-78.4.1-1.el6_10.i686.rpm

x86_64:
firefox-78.4.1-1.el6_10.x86_64.rpm
firefox-debuginfo-78.4.1-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-26950
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX61Pp9zjgjWX9erEAQjF8hAAmXxWYcpKKaIauYZXrTfw9SthKMhK/6pv
9T/vlGGBsVEqgFuECQSp2RvsecBwKh01OyMH6Pw8p8qk9uAGcQAThH0nBcEb3vWb
w4QFsQ0H/auVJfoQss5ZoAYA+bEELjd06Be9pxrUHB5NtLbXvEvpv89O4yuxEh1Q
3KKg8wTFquD6DrgFstB8HoyylVHn2ruybvK/FEGBWiG/60dSeQ/2SnvYIzKBXsaH
lliBdCmebBnWd1PDxEaXxG33LGYNiFWcx6BgRWWA/rzp5p+K58AeLaneq8PNBfzb
UtXUcg9muag1OuiccJzOYhH6PPn3WxPV8dEj7asCnzTHsrRz4A8USNkJdlRFkmv9
OywwAg7owT58Qi2gyUBDrf9OK8OePFk8R5vQtAycDAglMJJKxgV0s6tAlkC5gc3P
xXE3pJUCEG0HUcCvANkWiGuiS8vb3sgmSPF7NTkMuPZa33sDgmP6axT4ScZi+uM9
E2+o0sbnoOKwR7qzxV3QK6cMu24ojyoa/ZyupwBdAbBK57LbOqOFp8I6ObHPgiiX
dyfedYPX8I/DZ+JlCSekiQkwgOxfURh8zn4BECGEBMe6sng9R7xCTpfpuwyYZSfz
qq2x//Oomn0xKjr8GYdey3ZKCsprOKF89VPmyxlf0PhCS4X3OkyndGWexonUfbRB
R2wILLUFfz8=
=jLaM
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2020:5099-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5099
Issue date: 2020-11-12
CVE Names: CVE-2020-26950
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.4.1 ESR.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for
(CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1896306 – CVE-2020-26950 Mozilla: Write side effects in MCallGetProperty opcode not accounted for

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-78.4.1-1.el7_9.src.rpm

x86_64:
firefox-78.4.1-1.el7_9.x86_64.rpm
firefox-debuginfo-78.4.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-78.4.1-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-78.4.1-1.el7_9.src.rpm

ppc64:
firefox-78.4.1-1.el7_9.ppc64.rpm
firefox-debuginfo-78.4.1-1.el7_9.ppc64.rpm

ppc64le:
firefox-78.4.1-1.el7_9.ppc64le.rpm
firefox-debuginfo-78.4.1-1.el7_9.ppc64le.rpm

s390x:
firefox-78.4.1-1.el7_9.s390x.rpm
firefox-debuginfo-78.4.1-1.el7_9.s390x.rpm

x86_64:
firefox-78.4.1-1.el7_9.x86_64.rpm
firefox-debuginfo-78.4.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
firefox-78.4.1-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-78.4.1-1.el7_9.src.rpm

x86_64:
firefox-78.4.1-1.el7_9.x86_64.rpm
firefox-debuginfo-78.4.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-78.4.1-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-26950
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX61NitzjgjWX9erEAQg2Ww/+JR0kPXC0phiOuPRaOgPfhTyDIEhvd6Kk
LkvbXXeI+GpN9H1kxT6E/D1koPpGAQHPOk+R8RvUTv4f206q8bfCNaK/P8OTFBA4
3WavkaJohKGRVouMwRWt57wXwhuos7thQLPcNoUm9vUZB8sVW9jKPnRhDDbryyLl
U0JbLJEQ8WzCe4PgORfGZl2GAJQPjSkY7wrF9Et04A1rToCkFetfz0dcbQ4WeJ6B
bLL+gVPlKMZEhSqLDrq74x8NjTOoFDu64Uxxc0IoOuFNg5V7DTGpbXbg5bunCd+O
n7lb5WY8+UOLbiZCsAXBupq3wb8AQ8yV3OB7bOzgFiG08dCzyceJyMrVEatrqN3r
AWEuSL1Syk9TG/+YeggL0++lpVbzpdaaYVpoZJFItk2pzjzB+tB0PwcVgULVzOrQ
hGe6uWpaJvu6/e6NzUDGx4rRPADkS3uvf+fEh5J3+m/zLXqr26Mptqr88mCYe3CU
jiaRt/fyeNqgId9zWld5542r3x2cAxEFOfh0ReVRaxSD7PeDYUPEzwn4mfLbmCNX
OdsxJS1spcX/9ykkmfe0Lo8/UoKQEt/Q6RkwO9gw1Znv0jqBJF85dI5RDvXgv3jj
2sqFdFgr5U5G5DmmfVlixuM1+W1h42LJ35IDOgTDKYC2bpb7EB8aYh9MRs9nG7VZ
8GBZHZVr9nA=
=WP1u
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2020:5100-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5100
Issue date: 2020-11-12
CVE Names: CVE-2020-26950
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.4.1 ESR.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for
(CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1896306 – CVE-2020-26950 Mozilla: Write side effects in MCallGetProperty opcode not accounted for

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
firefox-78.4.1-1.el8_3.src.rpm

aarch64:
firefox-78.4.1-1.el8_3.aarch64.rpm
firefox-debuginfo-78.4.1-1.el8_3.aarch64.rpm
firefox-debugsource-78.4.1-1.el8_3.aarch64.rpm

ppc64le:
firefox-78.4.1-1.el8_3.ppc64le.rpm
firefox-debuginfo-78.4.1-1.el8_3.ppc64le.rpm
firefox-debugsource-78.4.1-1.el8_3.ppc64le.rpm

s390x:
firefox-78.4.1-1.el8_3.s390x.rpm
firefox-debuginfo-78.4.1-1.el8_3.s390x.rpm
firefox-debugsource-78.4.1-1.el8_3.s390x.rpm

x86_64:
firefox-78.4.1-1.el8_3.x86_64.rpm
firefox-debuginfo-78.4.1-1.el8_3.x86_64.rpm
firefox-debugsource-78.4.1-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-26950
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX61JUtzjgjWX9erEAQhLuw/+J4HXEDmXEZoK5YxupWz9cdGC+ei6N8GX
mUDLYrBnc/CYegWd720bQsCe+BGNtC0GFkzUv8ThBvcGHFcpXG4S4Hg509cRBoKu
cuw2/b5euA/QuXtyONtIsp1qU0Brl2Wne0QWCW6cjoWpcN384gVziTrnhzrKtrL7
djrLpWVCrr4ZeEhhDvBfB96JYUV4piivQjBg9fPeVMEJ20+H9+ZNHFJWKfeHrBr7
471GmCfy2lW6jx+9ew5Bj0XiJ7+GNlQUcaC0gJBX8wvfPLBeljzKQPE5ByVdD5df
hsjuYepPBq7MUZzoX1rgWOds0Exqk3jPzbuXPHxMgRviyZ6bTZcSSSC891vCzriq
lyDoYczo8KYmjJU7+Mu9qaWDQnuwGSoQ5UQDdRA5pV00K88yAc7guJZgxmATlpLu
pwmvYEYFGXFkUbfx7rAE6SAiuz7VPjFikW31O7nQBNqE6gi6YDZIxe9qo4OCosn/
InIfoPYG2R97g/7OdEj9yTf9zgzbfdgL1MvEMHNHlGHW3NafLaG9JohE3J9Su3nr
XmVJhEk79g2FCkSHuBC/AcvgJ6sb442XKr29q5+J3YhrEqZHQlDOeCeI7wgRGBXZ
OY2Z4/3bGKMKXKLx/RqH6jjPHJx5UNiB3/9IXIgdHCuNeMSidDKIp/0ChLBs3jy6
Vf8ELhlxvTw=
=gvBy
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libmaxminddb

Otkriven je sigurnosni nedostatak programske biblioteke libmaxminddb za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja ili...

Close