—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: firefox security update
Advisory ID: RHSA-2020:5139-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5139
Issue date: 2020-11-17
CVE Names: CVE-2020-26950
=====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) – aarch64, ppc64le, s390x, x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 78.4.1 ESR.
Security Fix(es):
* Mozilla: Write side effects in MCallGetProperty opcode not accounted for
(CVE-2020-26950)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1896306 – CVE-2020-26950 Mozilla: Write side effects in MCallGetProperty opcode not accounted for
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source:
firefox-78.4.1-1.el8_2.src.rpm
aarch64:
firefox-78.4.1-1.el8_2.aarch64.rpm
firefox-debuginfo-78.4.1-1.el8_2.aarch64.rpm
firefox-debugsource-78.4.1-1.el8_2.aarch64.rpm
ppc64le:
firefox-78.4.1-1.el8_2.ppc64le.rpm
firefox-debuginfo-78.4.1-1.el8_2.ppc64le.rpm
firefox-debugsource-78.4.1-1.el8_2.ppc64le.rpm
s390x:
firefox-78.4.1-1.el8_2.s390x.rpm
firefox-debuginfo-78.4.1-1.el8_2.s390x.rpm
firefox-debugsource-78.4.1-1.el8_2.s390x.rpm
x86_64:
firefox-78.4.1-1.el8_2.x86_64.rpm
firefox-debuginfo-78.4.1-1.el8_2.x86_64.rpm
firefox-debugsource-78.4.1-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-26950
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBX7QhvtzjgjWX9erEAQj/Gg/+Pita6C0jG95zfjpiTHX/0CDw0IOWAqYt
SzEF+YYIWGjrqcjzJx+NUaBIQeJgeSilAMgPq2FRIh83u1eiXg8RomYny2ZAh1ps
dCK8IC/vOJ+GE6aV0dk3BtS88IEM65SfeEpdu/voOrzXU57ZVrKVukyFbCRBujqr
IgAEkEeLWuaBEd2+qTeRWJNgNIKn8RBJdbwuq6RSkN0FWJ+fkcxFWHnlOIO8XfXQ
qPCbKUNT2pSYQ3TlIr7+UaW6nVWMOAxKKW3deaZq06ZLpqWXs8uxsa5MEJiq9rGy
Olf0D2lgTfgeuaxnrcT6UMJzlpwCdav/IWRyucEY1hBl+tdAA38LpmYIUjyFO0TD
Vu2vHth8g0e/UxsmS2fy8kIpU7Ea8bKXlkywzXcyY3uVb4ukyw6v/WGYqa5EFqLE
wwC1348kRa/NOgIWfhH1D+vbGYqW3rU3FA8+Kh541c2yULkcgMXIMxr01zi+LhEd
2Ugl2CgXAEEiwHu2/uz3HrYY8wh2S6gpP2z3+ElyEcKMu2Di4//frefokhXiPR21
t9WZHP//pvlbfujXGmTJSDOHVmfATfwbXRGrIXRYtMJZjGGoyX/23hYiaWldD/bt
kAY8QUsegeukqtSBB8b0nFwFy8hk23FKsqhVpjAdVL7OnUy/Fr/RvK1dqpmEZMmd
IYF/gku9kUs=
=EHdS
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: firefox security update
Advisory ID: RHSA-2020:5138-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5138
Issue date: 2020-11-17
CVE Names: CVE-2020-26950
=====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.0) – aarch64, ppc64le, s390x, x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 78.4.1 ESR.
Security Fix(es):
* Mozilla: Write side effects in MCallGetProperty opcode not accounted for
(CVE-2020-26950)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1896306 – CVE-2020-26950 Mozilla: Write side effects in MCallGetProperty opcode not accounted for
6. Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.0):
Source:
firefox-78.4.1-1.el8_0.src.rpm
aarch64:
firefox-78.4.1-1.el8_0.aarch64.rpm
firefox-debuginfo-78.4.1-1.el8_0.aarch64.rpm
firefox-debugsource-78.4.1-1.el8_0.aarch64.rpm
ppc64le:
firefox-78.4.1-1.el8_0.ppc64le.rpm
firefox-debuginfo-78.4.1-1.el8_0.ppc64le.rpm
firefox-debugsource-78.4.1-1.el8_0.ppc64le.rpm
s390x:
firefox-78.4.1-1.el8_0.s390x.rpm
firefox-debuginfo-78.4.1-1.el8_0.s390x.rpm
firefox-debugsource-78.4.1-1.el8_0.s390x.rpm
x86_64:
firefox-78.4.1-1.el8_0.x86_64.rpm
firefox-debuginfo-78.4.1-1.el8_0.x86_64.rpm
firefox-debugsource-78.4.1-1.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-26950
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBX7QGjtzjgjWX9erEAQgfaBAAj5/WJ6aGh1NmgojmMKnmq5T4EgmiADnS
0tq5Fr5A3/OIrjMmxYO8oIcLbM14+gDWnURgykz5pmUwHuGseD8DfJ5x7q6tqbCA
1RjCLyRpKfrqShrblLnfxHf6iqKKUKMOUA/MsFSlQ/ZJhXdAYy/TbA5k8n2BfiYm
lQFZ212znSFsOfk+KXO+R9V0omQ6q5VmuldD8VtwCrXTeofdKn67N/2qnbd9UYl1
kAbnpxo6yrGh1+JsI1WucHj+/qaRABZ7MGR61mV12qftU/W2Ur+zdEcHGgsmaCdP
V7qaHhEsX+IF9yGm9Xgoivf4ZrrWACjyCse2rRlVfM5vcc3Orj02T10C6MMtBokF
NBhKhB/0381e5ZoK/Qt5+CIrWLlt5pf5TQQ4KtMn+jBiACgFMLBHI6gx+EdxZqoi
Inf0nMCp1HaglhL9K/HIVbknKBqzNLKG/Jgr7nIiaCj5D4jJU/TPSdNydLNJrPzJ
GhXx68A22oR4o5c3qF5sRqdjCGY4aBZA+WrFhNXV5PqA5GkIq7WTppJJtwDkBmbd
QlIy0E8XA2D/VbkcExZZEDwb7d/awvxFkz41BVDDUtCT8JwIdHE6l2pqZlBJAteS
NSMbDu6jjaFEK6tpGJTimmtl/sJWageRiucoJ9Z1v/ZtFxbczSAwJmLiHv6P67bs
6f+xN9wxPe0=
=YhmC
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: firefox security update
Advisory ID: RHSA-2020:5135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5135
Issue date: 2020-11-17
CVE Names: CVE-2020-26950
=====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) – aarch64, ppc64le, s390x, x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 78.4.1 ESR.
Security Fix(es):
* Mozilla: Write side effects in MCallGetProperty opcode not accounted for
(CVE-2020-26950)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1896306 – CVE-2020-26950 Mozilla: Write side effects in MCallGetProperty opcode not accounted for
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
firefox-78.4.1-1.el8_1.src.rpm
aarch64:
firefox-78.4.1-1.el8_1.aarch64.rpm
firefox-debuginfo-78.4.1-1.el8_1.aarch64.rpm
firefox-debugsource-78.4.1-1.el8_1.aarch64.rpm
ppc64le:
firefox-78.4.1-1.el8_1.ppc64le.rpm
firefox-debuginfo-78.4.1-1.el8_1.ppc64le.rpm
firefox-debugsource-78.4.1-1.el8_1.ppc64le.rpm
s390x:
firefox-78.4.1-1.el8_1.s390x.rpm
firefox-debuginfo-78.4.1-1.el8_1.s390x.rpm
firefox-debugsource-78.4.1-1.el8_1.s390x.rpm
x86_64:
firefox-78.4.1-1.el8_1.x86_64.rpm
firefox-debuginfo-78.4.1-1.el8_1.x86_64.rpm
firefox-debugsource-78.4.1-1.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-26950
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBX7P7xtzjgjWX9erEAQicYQ/8DWg/CkdASNjLtnjdSNHAhKWqV93YVSoI
DIKKjydvZ3Ty9yW1LTR/qpPh/aEIunuyTnSUcBxpjRyBA5ilhGMNjF6eZeYWlivP
2vnGXxX2Z9EdUib9ENalN+Ujx/Cw0D6eMqXI0MIN/AJZqR1UF8AKLeHvcLhvdlI8
drVEcXCuw6ABrZprJ/oyP9AbZ0L1y8FzAlZ8n5XNcXC7RAZRc3TJO+g9yQuYR0gv
YnXZ1+nSoyFdZjZZsOV02m2WBfmt7DTydmx+tCzRJ2x50y3zxV8z7lBUGfu6QR9L
PMQ0CvALHMFkSiVk6zLR5TmbxHTwg8FA6PLm8+SNfVc/Pl6oQfEcrHhcJDYLd6ZT
18Msb6+bfXTaPwqT1hJ3QVJSGgM+bqQDsJPAt1XbIjg1OADHFGc/gAq9Gqpel5K4
s2sPrPBZ56Cl5YB57Skn42MqPXDGxhOilt3qJuHNiETWTG5v2MDhyAcd3JPvBS7Z
x4c0sxJLxgpyPi1KZF5Cu34trSqhQfmVdbqd3G09TlM9QI4mR0lAZ9v8OOhRzLi8
ymWZlxlW2MdtfvbwsaZBOpB3wFoOfOeZnqf99ESBwQa2bM88cBwJvyvzJ92sL6pE
NO3SEEj2z2fHBW47vM71G1CHaLEuiTJkc3Z4eFOIufYFskzJXX+aSYbZMfSV+SoC
A2C64pMCVmc=
=Ttbf
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce