(RHSA-2024:0970) Important: firefox security update

2024-02-2600:56:41

access.redhat.com

firefox

security update

mozilla

out-of-bounds memory

spoofed dialog

memory safety bugs

fullscreen notification

custom cursor

unintended permission grants

multipart http responses

incorrect code generation

cve-2024-1546

cve-2024-1547

cve-2024-1553

cve-2024-1550

cve-2024-1551

cve-2024-1552

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

10.3%

JSON

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64firefox< 115.8.0-1.el8_6firefox-115.8.0-1.el8_6.aarch64.rpm
RedHat8aarch64firefox-debugsource< 115.8.0-1.el8_6firefox-debugsource-115.8.0-1.el8_6.aarch64.rpm
RedHat8x86_64firefox< 115.8.0-1.el8_6firefox-115.8.0-1.el8_6.x86_64.rpm
RedHat8s390xfirefox-debuginfo< 115.8.0-1.el8_6firefox-debuginfo-115.8.0-1.el8_6.s390x.rpm
RedHat8s390xfirefox-debugsource< 115.8.0-1.el8_6firefox-debugsource-115.8.0-1.el8_6.s390x.rpm
RedHat8ppc64lefirefox-debuginfo< 115.8.0-1.el8_6firefox-debuginfo-115.8.0-1.el8_6.ppc64le.rpm
RedHat8s390xfirefox< 115.8.0-1.el8_6firefox-115.8.0-1.el8_6.s390x.rpm
RedHat8x86_64firefox-debugsource< 115.8.0-1.el8_6firefox-debugsource-115.8.0-1.el8_6.x86_64.rpm
RedHat8ppc64lefirefox< 115.8.0-1.el8_6firefox-115.8.0-1.el8_6.ppc64le.rpm
RedHat8ppc64lefirefox-debugsource< 115.8.0-1.el8_6firefox-debugsource-115.8.0-1.el8_6.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	firefox	< 115.8.0-1.el8_6	firefox-115.8.0-1.el8_6.aarch64.rpm
RedHat	8	aarch64	firefox-debugsource	< 115.8.0-1.el8_6	firefox-debugsource-115.8.0-1.el8_6.aarch64.rpm
RedHat	8	x86_64	firefox	< 115.8.0-1.el8_6	firefox-115.8.0-1.el8_6.x86_64.rpm
RedHat	8	s390x	firefox-debuginfo	< 115.8.0-1.el8_6	firefox-debuginfo-115.8.0-1.el8_6.s390x.rpm
RedHat	8	s390x	firefox-debugsource	< 115.8.0-1.el8_6	firefox-debugsource-115.8.0-1.el8_6.s390x.rpm
RedHat	8	ppc64le	firefox-debuginfo	< 115.8.0-1.el8_6	firefox-debuginfo-115.8.0-1.el8_6.ppc64le.rpm
RedHat	8	s390x	firefox	< 115.8.0-1.el8_6	firefox-115.8.0-1.el8_6.s390x.rpm
RedHat	8	x86_64	firefox-debugsource	< 115.8.0-1.el8_6	firefox-debugsource-115.8.0-1.el8_6.x86_64.rpm
RedHat	8	ppc64le	firefox	< 115.8.0-1.el8_6	firefox-115.8.0-1.el8_6.ppc64le.rpm
RedHat	8	ppc64le	firefox-debugsource	< 115.8.0-1.el8_6	firefox-debugsource-115.8.0-1.el8_6.ppc64le.rpm