Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
98
security advisoryred hat enterpriseimportant updateRHEL 8.2: RHSA-2023-3139-01 Critical: Firefox Security Updates
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2023:3139-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:3139 Issue date: 2023-05-16 CVE Names: CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix(es): * Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205) * Mozilla: Crash in RLBox Expat driver (CVE-2023-32206) * Mozilla: Potential permissions request bypassvia clickjacking (CVE-2023-32207) * Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215) * Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211) * Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212) * Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups 2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver 2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking 2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code 2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar 2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData() 2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 6. Package List: Red Hat Enterprise Linux AppStream AUS (v.8.2): Source: firefox-102.11.0-2.el8_2.src.rpm aarch64: firefox-102.11.0-2.el8_2.aarch64.rpm firefox-debuginfo-102.11.0-2.el8_2.aarch64.rpm firefox-debugsource-102.11.0-2.el8_2.aarch64.rpm ppc64le: firefox-102.11.0-2.el8_2.ppc64le.rpm firefox-debuginfo-102.11.0-2.el8_2.ppc64le.rpm firefox-debugsource-102.11.0-2.el8_2.ppc64le.rpm s390x: firefox-102.11.0-2.el8_2.s390x.rpm firefox-debuginfo-102.11.0-2.el8_2.s390x.rpm firefox-debugsource-102.11.0-2.el8_2.s390x.rpm x86_64: firefox-102.11.0-2.el8_2.x86_64.rpm firefox-debuginfo-102.11.0-2.el8_2.x86_64.rpm firefox-debugsource-102.11.0-2.el8_2.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v. 8.2): Source: firefox-102.11.0-2.el8_2.src.rpm aarch64: firefox-102.11.0-2.el8_2.aarch64.rpm firefox-debuginfo-102.11.0-2.el8_2.aarch64.rpm firefox-debugsource-102.11.0-2.el8_2.aarch64.rpm ppc64le: firefox-102.11.0-2.el8_2.ppc64le.rpm firefox-debuginfo-102.11.0-2.el8_2.ppc64le.rpm firefox-debugsource-102.11.0-2.el8_2.ppc64le.rpm s390x: firefox-102.11.0-2.el8_2.s390x.rpm firefox-debuginfo-102.11.0-2.el8_2.s390x.rpm firefox-debugsource-102.11.0-2.el8_2.s390x.rpm x86_64: firefox-102.11.0-2.el8_2.x86_64.rpm firefox-debuginfo-102.11.0-2.el8_2.x86_64.rpm firefox-debugsource-102.11.0-2.el8_2.x86_64.rpm Red Hat Enterprise Linux AppStream TUS (v. 8.2): Source: firefox-102.11.0-2.el8_2.src.rpm aarch64: firefox-102.11.0-2.el8_2.aarch64.rpm firefox-debuginfo-102.11.0-2.el8_2.aarch64.rpm firefox-debugsource-102.11.0-2.el8_2.aarch64.rpm ppc64le: firefox-102.11.0-2.el8_2.ppc64le.rpm firefox-debuginfo-102.11.0-2.el8_2.ppc64le.rpm firefox-debugsource-102.11.0-2.el8_2.ppc64le.rpm s390x: firefox-102.11.0-2.el8_2.s390x.rpm firefox-debuginfo-102.11.0-2.el8_2.s390x.rpm firefox-debugsource-102.11.0-2.el8_2.s390x.rpm x86_64: firefox-102.11.0-2.el8_2.x86_64.rpm firefox-debuginfo-102.11.0-2.el8_2.x86_64.rpm firefox-debugsource-102.11.0-2.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-32205 https://access.redhat.com/security/cve/CVE-2023-32206 https://access.redhat.com/security/cve/CVE-2023-32207 https://access.redhat.com/security/cve/CVE-2023-32211 https://access.redhat.com/security/cve/CVE-2023-32212 https://access.redhat.com/security/cve/CVE-2023-32213 https://access.redhat.com/security/cve/CVE-2023-32215 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGQXddzjgjWX9erEAQgi7Q/+PVwmtEibU58JYicPijXz3FpH6+IK90d1 nzAkHuI4LgUVQZjBaljPJsNPg8PVJWKvEQqPvprD3F4vVxS9SL5l+O0XOqd9h89U WNmGEPLHluLJi1otcrABcbRGS4MSpyFGOydS7dTXW+j8N79zhJS0WMfXQYo8aLct f/fBjg3fD69mql/nL3/YHtPN0C9cQT8mZj6kr9FNwyUTCAvhUyOLr8irEjNGkiIR eNpvOIgLyEzHCBq7GAhoXLrd919iV21PQvRh5cGxS3EuT+yIUjcgea0DL0N2ASlz PoAOmime84Ic2wS+BvEkYASE5XdhbMGe+Sqcv1Ndliwnyqy7XH/k73tOS9TcHK9z MeOQC7ZlaXx30t4I17QT/K2cpDpo5any+fv6LEnxek0hNbbb1s+kdzE2OpvsFxbl wPYNmo0w18Ll6LDzu9E31XeTJvBsrbhGnxbWmBBhJ4TttAIsqr6GAVi5VjE1DO4X YNz4pnfqv20ItFEj9UsvgmHTDKkK97fQZ/rBHNQXtIbMwTghzWDaCKGHH1dO6KOE 460ncBF1w2CBmVVUL9EUUyHFKi3Bfv0MVCGAlzmEKs0ajRzMR/vbaQNuBtM2Bt5K lLoFvGRT/j3L1SnKyPONrQRDwFKCLaVeQAGio0RSLrQdk1R6+oTX1NtrVXfr9IWP lwKtxJmAXDU=0wtv -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 16, 2023
•Important
Red Hat
217
security advisorysecurity updatecriticalOracle Linux 5 ELSA-2013-1140 Critical: Firefox Security Update
The following updated rpms for Oracle Linux 5 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2013-1140 https://access.redhat.com/errata/RHSA-2013:1140.html The following updated rpms for Oracle Linux 5 have been uploaded to the Unbreakable Linux Network: i386: firefox-17.0.8-1.0.1.el5_9.i386.rpm xulrunner-17.0.8-3.0.1.el5_9.i386.rpm xulrunner-devel-17.0.8-3.0.1.el5_9.i386.rpm x86_64: firefox-17.0.8-1.0.1.el5_9.i386.rpm firefox-17.0.8-1.0.1.el5_9.x86_64.rpm xulrunner-17.0.8-3.0.1.el5_9.i386.rpm xulrunner-17.0.8-3.0.1.el5_9.x86_64.rpm xulrunner-devel-17.0.8-3.0.1.el5_9.i386.rpm xulrunner-devel-17.0.8-3.0.1.el5_9.x86_64.rpm ia64: firefox-17.0.8-1.0.1.el5_9.ia64.rpm xulrunner-17.0.8-3.0.1.el5_9.ia64.rpm xulrunner-devel-17.0.8-3.0.1.el5_9.ia64.rpm SRPMS: https://oss.oracle.com:443/ol5/SRPMS-updates/firefox-17.0.8-1.0.1.el5_9.src.rpm https://oss.oracle.com:443/ol5/SRPMS-updates/xulrunner-17.0.8-3.0.1.el5_9.src.rpm Description of changes: firefox [17.0.8-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones [17.0.8-1] - Update to 17.0.8 ESR xulrunner [17.0.8-3.0.1.el5_9] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.8-3] - Update to 17.0.8 ESR Build 2 - Disable strict aliasing - mozbz#821502 [17.0.8-2] - Added fix for rhbz#990921 - firefox does not build with. required nss/nspr [17.0.8-1] - Update to 17.0.8 ESR . Important Firefox enhancements for Oracle Linux 5, highlighting vital security updates and RPM distributions for users.. Oracle Linux, Firefox Security, RPM Packages, Security Update, Linux Fixes. . Severity: Critical. LinuxSecurity.com Team
Aug 07, 2013
•Critical
Oracle
89
security advisorysecurity issuesoftware updateFedora 11: FEDORA-2009-7898 Critical: Firefox Fix Against Multiple Issues
Update to new upstream Firefox version 3.5.1, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-7898 2009-07-22 20:39:05 -------------------------------------------------------------------------------- Name : google-gadgets Product : Fedora 11 Version : 0.11.0 Release : 2.fc11 URL : https://code.google.com/archive/p/google-gadgets-for-linux Summary : Google Gadgets for Linux Description : Google Gadgets for Linux provides a platform for running desktop gadgets under Linux, catering to the unique needs of Linux users. It can run, without modification, many Google Desktop gadgets as well as the Universal Gadgets on iGoogle. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.1, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 17 2009 Jan Horak - 0.11.0-2 - Rebuild against newer gecko * Wed Jul 1 2009 Michel Salim - 0.11.0-1 - Update to 0.11.0 * Sat May 2 2009 Michel Salim - 0.10.6-0.1.20090430svn1449.fc11 - Update to SVN checkout, for xulrunner 1.9.1.1 compatibility -------------------------------------------------------------------------------- References: [ 1 ] Bug #511228 - CVE-2009-2477 CVE-2009-2478 CVE-2009-2479 firefox 3.5 various flaws https://bugzilla.redhat.com/show_bug.cgi?id=511228 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update google-gadgets' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Jul 22, 2009
•Critical
Fedora
89
security advisoryfedorasecurity issuesFedora 9 2009-2421: Moderate Kazehakase Browser Security Fix
Update to the new upstream Firefox 3.0.7 / XULRunner 1.9.0.7 fixing multiple security issues: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-2421 2009-03-08 06:09:09 --------------------------------------------------------------------------------Name : kazehakase Product : Fedora 9 Version : 0.5.6 Release : 1.fc9.4 URL : Summary : Kazehakase browser using Gecko rendering engine Description : Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. --------------------------------------------------------------------------------Update Information: Update to the new upstream Firefox 3.0.7 / XULRunner 1.9.0.7 fixing multiple security issues: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. --------------------------------------------------------------------------------ChangeLog: * Fri Mar 6 2009 Jan Horak - 0.5.6-1.4 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 0.5.6-1.3 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.5.6-1.2 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 0.5.6-1.1 - Rebuild against newer gecko * Fri Oct 31 2008 Mamoru Tasaka - 0.5.6-1 - 0.5.6 - -UGTK_DISABLE_DEPRECATED hack removed (hack introduced in upstream) * WedSep 24 2008 Christopher Aillon - Rebuild against newer gecko (F-9/8) * Tue Aug 5 2008 Mamoru Tasaka - Try rev. 3509 * Wed Jul 30 2008 Mamoru Tasaka - 0.5.5-1 - 0.5.5 * Sat Jul 19 2008 Mamoru Tasaka - 0.5.4-7.svn3506_trunk - F-9+: relax gecko libs dependency (as GRE_GetGREPathWithProperties properly finds out GRE) - F-10+: add -UGTK_DISABLE_DEPRECATED temporarily * Tue Jul 15 2008 Christopher Aillon - Rebuild against newer gecko (F-8) * Wed Jul 2 2008 Christopher Aillon - Rebuild against newer gecko (F-8) * Sat Jun 28 2008 Mamoru Tasaka - 0.5.4-6.svn3506_trunk - Try rev 3506 - Workaround for bug 447444 (xulrunner vs hunspell conflict) (F-9+) * Wed Jun 25 2008 Mamoru Tasaka - 0.5.4-5 - Apply xulrunner related patches from debian by Mike Hommey (debian bug 480796, rh bug 402641) This time kazehakase actually works with xulrunner! --------------------------------------------------------------------------------References: [ 1 ] Bug #488272 - CVE-2009-0771 Firefox 3 Layout Engine Crashes https://bugzilla.redhat.com/show_bug.cgi?id=488272 [ 2 ] Bug #488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=488273 [ 3 ] Bug #488276 - CVE-2009-0773 Firefox 3 crashes in the JavaScript engine https://bugzilla.redhat.com/show_bug.cgi?id=488276 [ 4 ] Bug #488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine https://bugzilla.redhat.com/show_bug.cgi?id=488283 [ 5 ] Bug #488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=488287 [ 6 ] Bug #488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect https://bugzilla.redhat.com/show_bug.cgi?id=488290 [ 7 ] Bug #488292 - CVE-2009-0777 Firefox URL spoofing with invisible control characters https://bugzilla.redhat.com/show_bug.cgi?id=488292 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update kazehakase' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Mar 08, 2009
•Important
Fedora
99
security advisorycritical issuesecurity patchSlackware 10.2, 11.0 & 12.0: Security Fixes for Firefox & SeaMonkey
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. New seamonkey updates are available for Slackware 11.0, 12.0, and -current to address similar issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] firefox, seamonkey (SSA:2007-297-01) New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. New seamonkey updates are available for Slackware 11.0, 12.0, and -current to address similar issues. Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz: Upgraded to firefox-2.0.0.8. This upgrade fixes some more security bugs. For more information, see: https://www.mozilla.org/en-US/security/known-vulnerabilities/ (* Security fix *) patches/packages/seamonkey-1.1.5-i486-1_slack12.0.tgz: Upgraded to seamonkey-1.1.5. This upgrade fixes some more security bugs. For more information, see: https://www.mozilla.org/en-US/security/known-vulnerabilities/ (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 10.2: Updated packages for Slackware 11.0: Updated packages for Slackware 12.0: Updated packages for Slackware -current: MD5 signatures: +-------------+ Slackware 10.2 package: b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz Slackware 11.0 packages: b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz 8b99ebde232b836a98d463d12954604e seamonkey-1.1.5-i486-1_slack11.0.tgz Slackware 12.0 packages: b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz 388eb89901569741c236bf2e986a6930 seamonkey-1.1.5-i486-1_slack12.tgz Slackware -current packages: b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz 7f9f3ee3d139514bf2f9e708d69bab2a seamonkey-1.1.5-i486-1.tgz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg mozilla-firefox-2.0.0.8-i686-1.tgz seamonkey-1.1.5-i486-1_slack12.tgz +-----+ . Latest updates for Mozilla Firefox and SeaMonkey address serious vulnerabilities in Slackware versions 10.2, 11.0, and 12.0.. Slackware Update, Mozilla Firefox, SeaMonkey, Security Fixes, Critical Issues. . Severity: Critical. LinuxSecurity.com Team
Oct 25, 2007
•Critical
Slackware
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!