Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Red Hat Enterprise Linux 8: RHSA-2021-0052-01 Critical: Firefox Update

Calendar Jan 11, 2021 User Avatar LinuxSecurity Advisories
2 - 3 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory Red Hat Red Hat Enterprise Linux critical update firefox web security security impact browser security use-after-free
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2021:0052-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0052
Issue date:        2021-01-11
CVE Names:         CVE-2020-16044 
====================================================================
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.6.1 ESR.

Security Fix(es):

* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP
chunk (CVE-2020-16044)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1913503 - CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
firefox-78.6.1-1.el8_3.src.rpm

aarch64:
firefox-78.6.1-1.el8_3.aarch64.rpm
firefox-debuginfo-78.6.1-1.el8_3.aarch64.rpm
firefox-debugsource-78.6.1-1.el8_3.aarch64.rpm

ppc64le:
firefox-78.6.1-1.el8_3.ppc64le.rpm
firefox-debuginfo-78.6.1-1.el8_3.ppc64le.rpm
firefox-debugsource-78.6.1-1.el8_3.ppc64le.rpm

s390x:
firefox-78.6.1-1.el8_3.s390x.rpm
firefox-debuginfo-78.6.1-1.el8_3.s390x.rpm
firefox-debugsource-78.6.1-1.el8_3.s390x.rpm

x86_64:
firefox-78.6.1-1.el8_3.x86_64.rpm
firefox-debuginfo-78.6.1-1.el8_3.x86_64.rpm
firefox-debugsource-78.6.1-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-16044
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX/wg/dzjgjWX9erEAQjr5A//dPrLpkeqmldozBLpVVBYdbPso4k+4SUF
fAd4q6j5d4GJLf0ojpRurp5qkRHUhdT2lhS+X3/rsBDR9vy/3hQ7fYzVe396uXL3
VhFHiIK89VGOZebRonZ3HAWCb6aQTKbe4UJbrv+lSW2kfvkPlNo2TXK9gdvurTfz
xTyWBhDECb3adalMEPxpWkAmMUZYSWyhzEcoHzjpYPUjQMS89F9rgFiF2fqzPw9v
m+8fSYLA1uqZ/BM4OKPLVDoMFuXwKlu6EoiehH0wsQo9ki8O42nxXQNu5EplLY7Q
fCqXLA8KGJp8w9yz/LoZ3rdUsFWkX4MJqk1oH+0FE2RJofDr3l/AcuK5RXvLZ8C4
xSunnBacDwRH99Wg7qunyrNPG2/6YhXnNyMt9i982OOEr6o7lbb8ANiTlMN9YgZy
SX42aK9NemE92dlJ5uU1np8931Flxj1bvwH9Zp39eKo3bByc/p9YnmOOMhvs15qe
JlSXE/qoF4OXPup6SNu8q0loRriWmFcoQhHK9/JsmD4V77Y9zWg6rACD09kFLs7D
MAa+AYDoKGizVvYKlPHfBzpg3Y+PUjM/cUuJDtpWX+h5nx/bXOPdSWyX67nh1rkq
FVysojDW5oVyF9TY4ad2e+gBQdtPbVI7O6jH4HM3TTZpj/A6cdloFBYr566jrjyI
6gwrnRgfQ4k=Jivy
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat Enterprise Linux 8: RHSA-2021-0052-01 Critical: Firefox Update

red hat
Calendar Grey January 11, 2021
Dist Redhat Esm H88
Essential security patch issued for Firefox on RHEL 8, tackling a major vulnerability.
An update for firefox is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Summary

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.6.1 ESR.
Security Fix(es):
* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat Red Hat Enterprise Linux critical update firefox web security security impact browser security use-after-free

References

https://access.redhat.com/security/cve/CVE-2020-16044 https://access.redhat.com/security/updates/classification/#critical

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: firefox-78.6.1-1.el8_3.src.rpm
aarch64: firefox-78.6.1-1.el8_3.aarch64.rpm firefox-debuginfo-78.6.1-1.el8_3.aarch64.rpm firefox-debugsource-78.6.1-1.el8_3.aarch64.rpm
ppc64le: firefox-78.6.1-1.el8_3.ppc64le.rpm firefox-debuginfo-78.6.1-1.el8_3.ppc64le.rpm firefox-debugsource-78.6.1-1.el8_3.ppc64le.rpm
s390x: firefox-78.6.1-1.el8_3.s390x.rpm firefox-debuginfo-78.6.1-1.el8_3.s390x.rpm firefox-debugsource-78.6.1-1.el8_3.s390x.rpm
x86_64: firefox-78.6.1-1.el8_3.x86_64.rpm firefox-debuginfo-78.6.1-1.el8_3.x86_64.rpm firefox-debugsource-78.6.1-1.el8_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2021:0052-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0052
Issue date: 2021-01-11

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat Red Hat Enterprise Linux critical update firefox web security security impact browser security use-after-free

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1913503 - CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here