Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
217
security advisorysecurity updateimportantOracle Linux 7 ELSA-2023-6162: Important Firefox Security Update
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-6162 https://linux.oracle.com/errata/ELSA-2023-6162.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: firefox-115.4.0-1.0.1.el7_9.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates//firefox-115.4.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732 CVE-2023-44488 Description of changes: [115.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.4.0-1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL _______________________________________________ El-errata mailing list
Oct 31, 2023
•Important
Oracle
98
security advisoryRed Hat Enterprise LinuximportantRed Hat Enterprise Linux 9 RHSA-2023:3143-01 Firefox Important Security Update
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2023:3143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:3143 Issue date: 2023-05-16 CVE Names: CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix(es): * Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205) * Mozilla: Crash in RLBox Expat driver (CVE-2023-32206) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207) * Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215) * Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211) * Mozilla: Potential spoof due to obscured address bar(CVE-2023-32212) * Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups 2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver 2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking 2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code 2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar 2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData() 2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: firefox-102.11.0-2.el9_2.src.rpm aarch64: firefox-102.11.0-2.el9_2.aarch64.rpm firefox-debuginfo-102.11.0-2.el9_2.aarch64.rpm firefox-debugsource-102.11.0-2.el9_2.aarch64.rpm firefox-x11-102.11.0-2.el9_2.aarch64.rpm ppc64le: firefox-102.11.0-2.el9_2.ppc64le.rpm firefox-debuginfo-102.11.0-2.el9_2.ppc64le.rpm firefox-debugsource-102.11.0-2.el9_2.ppc64le.rpm firefox-x11-102.11.0-2.el9_2.ppc64le.rpm s390x: firefox-102.11.0-2.el9_2.s390x.rpm firefox-debuginfo-102.11.0-2.el9_2.s390x.rpm firefox-debugsource-102.11.0-2.el9_2.s390x.rpm firefox-x11-102.11.0-2.el9_2.s390x.rpm x86_64: firefox-102.11.0-2.el9_2.x86_64.rpm firefox-debuginfo-102.11.0-2.el9_2.x86_64.rpm firefox-debugsource-102.11.0-2.el9_2.x86_64.rpm firefox-x11-102.11.0-2.el9_2.x86_64.rpm These packages are GPG signed by Red Hat forsecurity. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-32205 https://access.redhat.com/security/cve/CVE-2023-32206 https://access.redhat.com/security/cve/CVE-2023-32207 https://access.redhat.com/security/cve/CVE-2023-32211 https://access.redhat.com/security/cve/CVE-2023-32212 https://access.redhat.com/security/cve/CVE-2023-32213 https://access.redhat.com/security/cve/CVE-2023-32215 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGQXetzjgjWX9erEAQjeqhAAh/K0SyWl8IbZowaQrIVmgTZFH9DhymF7 A/HdvrslYLvbJIODOobhYcx42BHv1lViEW5FwoHgP+Gozs3sJml01Dngs0RHxmzj oZNkDwzynlwvBX0Anp0lY4OvioAetRRM6h1rgNrhBYTcIHAEUHK5sGaON+biuy5T IpTDSESMV136ZkF8BkHX4rEqongYb35UvAb9hdy2fCuS1sYpi8qCYomCjsDuHI4P 5bsGeWuxwz5Q6gpt+IwN4ObXYWEaqpFlT4FTGPVDKmcZeOKwFdpxkmSBO3/G5dqD iS3uu11y27QyKDL5vZ0atHRO+cc5TM5TY2VCmjXlyuXmnoVKZFT+Y+ZoWbgcIpYL TDgm0zbM7VdYAAtF46TEQvaysKdPJGBBxdi/NTlexZa1YUiLfSLWZwrPngNZaNB8 /x8ZP7LNcO8iPTpBj98KFc/ttPwEeMHbNur97prZwprWHCGyNJVlhspf7YrSn5HB 5mSlx2eZDC407s28EmueGY9hmYWWNOa6DQzCW2iZBJ6BpZqpY9BKdkQORUH1gbD0 ggoFCMVeE9jSMm6evF7JORryp7gBBuoW9b7PZBHxzRJuIyMVwLBZnjy1z6XeMCoP KtvigAw6KP+/ZgSFVUgb9mfc7zyj04WDVeWwuJjTomnVjWDlaSUgnLrDGMx61Wsx 25e+FwcsilY=oUqA -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 16, 2023
•Important
Red Hat
203
security advisorycrash exploitmemory safetyMageia 8: MGASA-2023-0111 Moderate: Multiple Firefox Memory Issues
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be . MGASA-2023-0111 - Updated firefox packages fix security vulnerability Publication date: 24 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0111.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-25751, CVE-2023-25752, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable (CVE-2023-25752). While implementing on AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have lead to a potentially exploitable crash (CVE-2023-28162). Dragging a URL from a cross-origin iframe that was removed during the drag could have lead to user confusion and website spoofing attacks (CVE-2023-28164). Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2023-28176). References: - https://bugs.mageia.org/show_bug.cgi?id=31663 - https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/HcRrYgEdGIo - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html - https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/ - https://www.cve.org/CVERecord?id=CVE-2023-25751 - https://www.cve.org/CVERecord?id=CVE-2023-25752 -https://www.cve.org/CVERecord?id=CVE-2023-28162 - https://www.cve.org/CVERecord?id=CVE-2023-28164 - https://www.cve.org/CVERecord?id=CVE-2023-28176 SRPMS: - 8/core/firefox-102.9.0-1.mga8 - 8/core/firefox-l10n-102.9.0-1.mga8 - 8/core/nss-3.89.0-1.mga8 . Recent security patches for Firefox on Mageia 8 tackle various vulnerabilities, including stability concerns and memory management flaws.. Firefox Security Update, Mageia Advisory, Memory Exploit, Software Patch. . LinuxSecurity.com Team
Mar 24, 2023
Mageia
98
security advisorysecurity issuered hat enterpriseCentOS Stream 9 CSA-2023:0821-01 Chromium Critical Vulnerability Patch
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2022:1705-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1705 Issue date: 2022-05-04 CVE Names: CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Security Fix(es): * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 (CVE-2022-29917) * Mozilla: Reader mode bypassed SameSite cookies (CVE-2022-29912) For more details about the security issue(s),including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2081468 - CVE-2022-29914 Mozilla: Fullscreen notification bypass using popups 2081469 - CVE-2022-29909 Mozilla: Bypassing permission prompt in nested browsing contexts 2081470 - CVE-2022-29916 Mozilla: Leaking browser history with CSS variables 2081471 - CVE-2022-29911 Mozilla: iframe Sandbox bypass 2081472 - CVE-2022-29912 Mozilla: Reader mode bypassed SameSite cookies 2081473 - CVE-2022-29917 Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: firefox-91.9.0-1.el8_5.src.rpm aarch64: firefox-91.9.0-1.el8_5.aarch64.rpm firefox-debuginfo-91.9.0-1.el8_5.aarch64.rpm firefox-debugsource-91.9.0-1.el8_5.aarch64.rpm ppc64le: firefox-91.9.0-1.el8_5.ppc64le.rpm firefox-debuginfo-91.9.0-1.el8_5.ppc64le.rpm firefox-debugsource-91.9.0-1.el8_5.ppc64le.rpm s390x: firefox-91.9.0-1.el8_5.s390x.rpm firefox-debuginfo-91.9.0-1.el8_5.s390x.rpm firefox-debugsource-91.9.0-1.el8_5.s390x.rpm x86_64: firefox-91.9.0-1.el8_5.x86_64.rpm firefox-debuginfo-91.9.0-1.el8_5.x86_64.rpm firefox-debugsource-91.9.0-1.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2022-29909 https://access.redhat.com/security/cve/CVE-2022-29911 https://access.redhat.com/security/cve/CVE-2022-29912 https://access.redhat.com/security/cve/CVE-2022-29914 https://access.redhat.com/security/cve/CVE-2022-29916 https://access.redhat.com/security/cve/CVE-2022-29917 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnKnNNzjgjWX9erEAQgWTxAAlYgLtuoFH7h9l5ywkuwhvmNtqULReU6z bG2uY0Bv69h4K+kDF3SRllpoYeODSFU7bwql8RsXxpM6qOuNlmUhyE3vomjnpBQa yxTHKZjgCmDs9/nW0jMm+U1GuQYx6UO2BPKmMhSGqAIqGPE1qNQu3Vr+urh9hZA+ +AGpce/ijLLxPb6l2sEbt5MIe38dfax3d36jZmtq7Orx+j9kRhG/7jx63k+5Q06u 99aUNBDmOMInqcYFJT7ySjv116y9vuiht/oDDhmf7JUNB41BBCN8EK9PXmpstLuk Es3A2CJDLT/eC0eKsdJjeAAY/TIE0GeExXYONiskih4d5TxOlgd/uU8HG+w7Q7OE 8Jg9jtxAvugttdEkby6YQQcr92tkkJNqB8Gfh0RsBCncuAwKiCdiKA1D2wMS7dZh 5yE6cNjODE8RPEsJa1d2xf1eJgTPXpuVSvJVZei58GQjts/W2Y4w8oQ6LJbkTNHT RO6efnDFzrSapSlwu1GS8Ceis/34qDr1g9WrmMEfMi1pX7t1XmUSNQChUui6evML GI+xupFAnTL+0xyme2Yg0T9gS9wTkQzUR2PIynV9yAFWByWNGcvtF6UPl1pCcLdY RpI6bBvbzdiAuSK0ek06b8dsrBMdAOcP4dvbfDILdLpIZZXTzDpXsK0enrCxhF8P 9OMYHQVrGxc=vmpR -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 04, 2022
•Important
Red Hat
200
security advisoryupdateimportantScientific Linux 7.x SLSA-2021-3498-1 Critical: Firefox Memory Safety Fix
This update upgrades Firefox to version 78.14.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 (CVE-2021-38493) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - firefox-78.14.0-1.el7_9.i686.rpm - firefox-78.14.0-1.el7_9.x86_64.r [More...]. Synopsis: Important: firefox security update Advisory ID: SLSA-2021:3498-1 Issue Date: 2021-09-13 CVE Numbers: CVE-2021-38493 -- This update upgrades Firefox to version 78.14.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 (CVE-2021-38493) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - firefox-78.14.0-1.el7_9.i686.rpm - firefox-78.14.0-1.el7_9.x86_64.rpm - firefox-debuginfo-78.14.0-1.el7_9.x86_64.rpm -- - Scientific Linux Development Team . Important security patch for Firefox on Scientific Linux 7.x, addressing memory safety vulnerabilities found in current releases.. Firefox Memory Safety Update, Scientific Linux Upgrade, Firefox Security Fix. . Severity: Critical. LinuxSecurity.com Team
Sep 13, 2021
•Critical
Scientific Linux
98
security advisorysecurity updatecriticalRed Hat Enterprise Linux: RHSA-2019-0672-01 Critical: Firefox Threat
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2019:0672-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0672 Issue date: 2019-03-27 CVE Names: CVE-2019-9810 CVE-2019-9813 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix(es): * Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813) For more details about the security issue(s), including theimpact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1692181 - CVE-2019-9810 Mozilla: IonMonkey MArraySlice has incorrect alias information 1692182 - CVE-2019-9813 Mozilla: Ionmonkey type confusion with __proto__ mutations 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-60.6.1-1.el6_10.src.rpm i386: firefox-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm x86_64: firefox-60.6.1-1.el6_10.x86_64.rpm firefox-debuginfo-60.6.1-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-60.6.1-1.el6_10.src.rpm x86_64: firefox-60.6.1-1.el6_10.i686.rpm firefox-60.6.1-1.el6_10.x86_64.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-60.6.1-1.el6_10.src.rpm i386: firefox-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm ppc64: firefox-60.6.1-1.el6_10.ppc64.rpm firefox-debuginfo-60.6.1-1.el6_10.ppc64.rpm s390x: firefox-60.6.1-1.el6_10.s390x.rpm firefox-debuginfo-60.6.1-1.el6_10.s390x.rpm x86_64: firefox-60.6.1-1.el6_10.x86_64.rpm firefox-debuginfo-60.6.1-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: firefox-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm Red Hat Enterprise Linux Workstation (v.6): Source: firefox-60.6.1-1.el6_10.src.rpm i386: firefox-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm x86_64: firefox-60.6.1-1.el6_10.x86_64.rpm firefox-debuginfo-60.6.1-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9810 https://access.redhat.com/security/cve/CVE-2019-9813 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXJtGJ9zjgjWX9erEAQgdkw//fSt0QVv6EDP6dvUukVA5BYzmYAFoxKdy QVUdEjl37BhczR+9tlRUPWpBx60I2R0EI1gRO/fecazn1g4A3cplX0vbXnw63nff nrdW24CXMjD7ph7jPr5n8LLO0LK8ZWWo/L4PJLYofN0DK1Gf6gm8YIdthbbuRx2f XEjP48iuvCjdKjf9IG1AnGYs1oCTANbN/Y5Z00D7fI+OZZ8aduGFemHalTVUBX+r flZzGi1WEu1NiE9Zi7Eyq554noekGAMSZcqM+tk60sRyZZyN/92Wr72m+NKhbExA zoLqKRpJ6ynieBm5DPnw3F2Xx4PCkO3Bw4cpa4S85zVgY+9e+q5ZMJjfg8YVsWST 9OrwEbjLaG1WN9S7ldx3fpcpfvOEKkmFvbCFISw6jH9RiuPaE9h/qId5mvAEHk46 KgcOzJND0fJZ6ldF+ARvH/rmYo3ypU+aH1pia7N5cm/hWx4IzlnKi6+QTzHpy13b MlOnmQU6400zPPjJcDJp7vbhjvlrAcQp7I36ZhH8K9gTpCD66rfusQzr3/geBeLG ykIOP0h/JeZN7TRmrEXbMzhNaXvhab9Uo97hftFJvXLgVzq+f72cy3YlbdAUBaHV tT6qiuwmXI+4yANQeILHSPjxlhrLoVvKLwumHnWAFx/wG0kSzyTNbEBnluL15IUJ /IlyiyV1D/4=2qFT -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 27, 2019
•Critical
Red Hat
98
security advisoryupdatecriticalRed Hat 7.0 RHSA-2016-0695-01 Critical Firefox Code Execution Risk
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2016:0695-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:0695.html Issue date: 2016-04-26 CVE Names: CVE-2016-2805 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) -i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell Jesup as the original reporters. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1330266 - CVE-2016-2805 Mozilla: Miscellaneous memory safety hazards (rv:38.8) (MFSA 2016-39) 1330270 - CVE-2016-2806 Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1) (MFSA 2016-39) 1330271 - CVE-2016-2807 Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) (MFSA 2016-39) 1330280 - CVE-2016-2814 Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44) 1330286 - CVE-2016-2808 Mozilla: Write to invalid HashMap entry through JavaScript.watch() (MFSA 2016-47) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5client): Source: firefox-45.1.0-1.el5_11.src.rpm i386: firefox-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm x86_64: firefox-45.1.0-1.el5_11.i386.rpm firefox-45.1.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: firefox-45.1.0-1.el5_11.src.rpm i386: firefox-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm ppc: firefox-45.1.0-1.el5_11.ppc64.rpm firefox-debuginfo-45.1.0-1.el5_11.ppc64.rpm s390x: firefox-45.1.0-1.el5_11.s390.rpm firefox-45.1.0-1.el5_11.s390x.rpm firefox-debuginfo-45.1.0-1.el5_11.s390.rpm firefox-debuginfo-45.1.0-1.el5_11.s390x.rpm x86_64: firefox-45.1.0-1.el5_11.i386.rpm firefox-45.1.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-45.1.0-1.el6_7.src.rpm i386: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm x86_64: firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-45.1.0-1.el6_7.src.rpm x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-45.1.0-1.el6_7.src.rpm i386: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm ppc64: firefox-45.1.0-1.el6_7.ppc64.rpm firefox-debuginfo-45.1.0-1.el6_7.ppc64.rpm s390x: firefox-45.1.0-1.el6_7.s390x.rpm firefox-debuginfo-45.1.0-1.el6_7.s390x.rpm x86_64: firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): ppc64: firefox-45.1.0-1.el6_7.ppc.rpm firefox-debuginfo-45.1.0-1.el6_7.ppc.rpm s390x: firefox-45.1.0-1.el6_7.s390.rpm firefox-debuginfo-45.1.0-1.el6_7.s390.rpm x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-45.1.0-1.el6_7.src.rpm i386: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm x86_64: firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Client (v. 7): Source: firefox-45.1.0-1.el7_2.src.rpm x86_64: firefox-45.1.0-1.el7_2.x86_64.rpm firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-45.1.0-1.el7_2.i686.rpm firefox-debuginfo-45.1.0-1.el7_2.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-45.1.0-1.el7_2.src.rpm ppc64: firefox-45.1.0-1.el7_2.ppc64.rpm firefox-debuginfo-45.1.0-1.el7_2.ppc64.rpm ppc64le: firefox-45.1.0-1.el7_2.ppc64le.rpm firefox-debuginfo-45.1.0-1.el7_2.ppc64le.rpm s390x: firefox-45.1.0-1.el7_2.s390x.rpm firefox-debuginfo-45.1.0-1.el7_2.s390x.rpm x86_64: firefox-45.1.0-1.el7_2.x86_64.rpm firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: firefox-45.1.0-1.el7_2.ppc.rpm firefox-debuginfo-45.1.0-1.el7_2.ppc.rpm s390x: firefox-45.1.0-1.el7_2.s390.rpm firefox-debuginfo-45.1.0-1.el7_2.s390.rpm x86_64: firefox-45.1.0-1.el7_2.i686.rpm firefox-debuginfo-45.1.0-1.el7_2.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-45.1.0-1.el7_2.src.rpm x86_64: firefox-45.1.0-1.el7_2.x86_64.rpm firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-45.1.0-1.el7_2.i686.rpm firefox-debuginfo-45.1.0-1.el7_2.i686.rpm These packages are GPG signed by Red Hat for security. Our keyand details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2805 https://access.redhat.com/security/cve/CVE-2016-2806 https://access.redhat.com/security/cve/CVE-2016-2807 https://access.redhat.com/security/cve/CVE-2016-2808 https://access.redhat.com/security/cve/CVE-2016-2814 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.1 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXH8/EXlSAg2UNWIIRAj5ZAJ93d7Su/OfHkvkL014ZpCUSQSEB0wCfdAuD LPsv5fO9FBEQweSvgB3gbg8=6q/V -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Apr 26, 2016
•Critical
Red Hat
98
security advisorycross-site scriptingRed Hat EnterpriseRed Hat: RHSA-2012:1350-01 Critical: Firefox Security Issues Update
Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security and bug fix update Advisory ID: RHSA-2012:1350-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2012:1350.html Issue date: 2012-10-09 CVE Names: CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 ==================================================================== 1. Summary: Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64,s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188) Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution. (CVE-2012-3986, CVE-2012-3991) Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956, CVE-2012-3992, CVE-2012-3994) Two flaws were found in the way Chrome Object Wrappers were implemented. Malicious content could be used to perform cross-site scripting attacks or cause Firefox to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.8 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili, miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White, moz_bug_r_a4, and Mariusz Mlynski as the original reporters ofthese issues. This update also fixes the following bug: * In certain environments, storing personal Firefox configuration files (~/.mozilla/) on an NFS share, such as when your home directory is on a NFS share, led to Firefox functioning incorrectly, for example, navigation buttons not working as expected, and bookmarks not saving. This update adds a new configuration option, storage.nfs_filesystem, that can be used to resolve this issue. If you experience this issue: 1) Start Firefox. 2) Type "about:config" (without quotes) into the URL bar and press the Enter key. 3) If prompted with "This might void your warranty!", click the "I'll be careful, I promise!" button. 4) Right-click in the Preference Name list. In the menu that opens, select New -> Boolean. 5) Type "storage.nfs_filesystem" (without quotes) for the preference name and then click the OK button. 6) Select "true" for the boolean value and then press the OK button. (BZ#809571, BZ#816234) All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.8 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 851912 - CVE-2012-1956 Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59) 863614 - CVE-2012-3982 Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74) 863618 - CVE-2012-3986 Mozilla: Some DOMWindowUtils methods bypass security checks (MFSA 2012-77) 863619 - CVE-2012-3988 Mozilla: DOS and crash with full screen and history navigation (MFSA 2012-79) 863621 - CVE-2012-3991 Mozilla: GetProperty function can bypass security checks (MFSA2012-81) 863622 - CVE-2012-3994 Mozilla: top object and location property accessible by plugins (MFSA 2012-82) 863623 - CVE-2012-3993 CVE-2012-4184 Mozilla: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties (MFSA 2012-83) 863624 - CVE-2012-3992 Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84) 863625 - CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85) 863626 - CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86) 863628 - CVE-2012-3990 Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: firefox-10.0.8-1.el5_8.i386.rpm firefox-debuginfo-10.0.8-1.el5_8.i386.rpm xulrunner-10.0.8-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.8-1.el5_8.i386.rpm x86_64: firefox-10.0.8-1.el5_8.i386.rpm firefox-10.0.8-1.el5_8.x86_64.rpm firefox-debuginfo-10.0.8-1.el5_8.i386.rpm firefox-debuginfo-10.0.8-1.el5_8.x86_64.rpm xulrunner-10.0.8-1.el5_8.i386.rpm xulrunner-10.0.8-1.el5_8.x86_64.rpm xulrunner-debuginfo-10.0.8-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.8-1.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: xulrunner-debuginfo-10.0.8-1.el5_8.i386.rpm xulrunner-devel-10.0.8-1.el5_8.i386.rpm x86_64: xulrunner-debuginfo-10.0.8-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.8-1.el5_8.x86_64.rpm xulrunner-devel-10.0.8-1.el5_8.i386.rpm xulrunner-devel-10.0.8-1.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: firefox-10.0.8-1.el5_8.i386.rpm firefox-debuginfo-10.0.8-1.el5_8.i386.rpm xulrunner-10.0.8-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.8-1.el5_8.i386.rpm xulrunner-devel-10.0.8-1.el5_8.i386.rpm ia64: firefox-10.0.8-1.el5_8.ia64.rpm firefox-debuginfo-10.0.8-1.el5_8.ia64.rpm xulrunner-10.0.8-1.el5_8.ia64.rpm xulrunner-debuginfo-10.0.8-1.el5_8.ia64.rpm xulrunner-devel-10.0.8-1.el5_8.ia64.rpm ppc: firefox-10.0.8-1.el5_8.ppc.rpm firefox-debuginfo-10.0.8-1.el5_8.ppc.rpm xulrunner-10.0.8-1.el5_8.ppc.rpm xulrunner-10.0.8-1.el5_8.ppc64.rpm xulrunner-debuginfo-10.0.8-1.el5_8.ppc.rpm xulrunner-debuginfo-10.0.8-1.el5_8.ppc64.rpm xulrunner-devel-10.0.8-1.el5_8.ppc.rpm xulrunner-devel-10.0.8-1.el5_8.ppc64.rpm s390x: firefox-10.0.8-1.el5_8.s390.rpm firefox-10.0.8-1.el5_8.s390x.rpm firefox-debuginfo-10.0.8-1.el5_8.s390.rpm firefox-debuginfo-10.0.8-1.el5_8.s390x.rpm xulrunner-10.0.8-1.el5_8.s390.rpm xulrunner-10.0.8-1.el5_8.s390x.rpm xulrunner-debuginfo-10.0.8-1.el5_8.s390.rpm xulrunner-debuginfo-10.0.8-1.el5_8.s390x.rpm xulrunner-devel-10.0.8-1.el5_8.s390.rpm xulrunner-devel-10.0.8-1.el5_8.s390x.rpm x86_64: firefox-10.0.8-1.el5_8.i386.rpm firefox-10.0.8-1.el5_8.x86_64.rpm firefox-debuginfo-10.0.8-1.el5_8.i386.rpm firefox-debuginfo-10.0.8-1.el5_8.x86_64.rpm xulrunner-10.0.8-1.el5_8.i386.rpm xulrunner-10.0.8-1.el5_8.x86_64.rpm xulrunner-debuginfo-10.0.8-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.8-1.el5_8.x86_64.rpm xulrunner-devel-10.0.8-1.el5_8.i386.rpm xulrunner-devel-10.0.8-1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v.6): Source: i386: firefox-10.0.8-1.el6_3.i686.rpm firefox-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm x86_64: firefox-10.0.8-1.el6_3.i686.rpm firefox-10.0.8-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.8-1.el6_3.i686.rpm firefox-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-10.0.8-1.el6_3.i686.rpm xulrunner-10.0.8-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-devel-10.0.8-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-devel-10.0.8-1.el6_3.i686.rpm xulrunner-devel-10.0.8-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: x86_64: firefox-10.0.8-1.el6_3.i686.rpm firefox-10.0.8-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.8-1.el6_3.i686.rpm firefox-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-10.0.8-1.el6_3.i686.rpm xulrunner-10.0.8-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-devel-10.0.8-1.el6_3.i686.rpm xulrunner-devel-10.0.8-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: firefox-10.0.8-1.el6_3.i686.rpm firefox-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm ppc64: firefox-10.0.8-1.el6_3.ppc.rpm firefox-10.0.8-1.el6_3.ppc64.rpm firefox-debuginfo-10.0.8-1.el6_3.ppc.rpm firefox-debuginfo-10.0.8-1.el6_3.ppc64.rpm xulrunner-10.0.8-1.el6_3.ppc.rpm xulrunner-10.0.8-1.el6_3.ppc64.rpm xulrunner-debuginfo-10.0.8-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.8-1.el6_3.ppc64.rpm s390x: firefox-10.0.8-1.el6_3.s390.rpm firefox-10.0.8-1.el6_3.s390x.rpm firefox-debuginfo-10.0.8-1.el6_3.s390.rpm firefox-debuginfo-10.0.8-1.el6_3.s390x.rpm xulrunner-10.0.8-1.el6_3.s390.rpm xulrunner-10.0.8-1.el6_3.s390x.rpm xulrunner-debuginfo-10.0.8-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.8-1.el6_3.s390x.rpm x86_64: firefox-10.0.8-1.el6_3.i686.rpm firefox-10.0.8-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.8-1.el6_3.i686.rpm firefox-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-10.0.8-1.el6_3.i686.rpm xulrunner-10.0.8-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-devel-10.0.8-1.el6_3.i686.rpm ppc64: xulrunner-debuginfo-10.0.8-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.8-1.el6_3.ppc64.rpm xulrunner-devel-10.0.8-1.el6_3.ppc.rpm xulrunner-devel-10.0.8-1.el6_3.ppc64.rpm s390x: xulrunner-debuginfo-10.0.8-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.8-1.el6_3.s390x.rpm xulrunner-devel-10.0.8-1.el6_3.s390.rpm xulrunner-devel-10.0.8-1.el6_3.s390x.rpm x86_64: xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-devel-10.0.8-1.el6_3.i686.rpm xulrunner-devel-10.0.8-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: firefox-10.0.8-1.el6_3.i686.rpm firefox-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm x86_64: firefox-10.0.8-1.el6_3.i686.rpm firefox-10.0.8-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.8-1.el6_3.i686.rpm firefox-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-10.0.8-1.el6_3.i686.rpm xulrunner-10.0.8-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-devel-10.0.8-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.8-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.8-1.el6_3.x86_64.rpm xulrunner-devel-10.0.8-1.el6_3.i686.rpm xulrunner-devel-10.0.8-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2012-1956 https://access.redhat.com/security/cve/CVE-2012-3982 https://access.redhat.com/security/cve/CVE-2012-3986 https://access.redhat.com/security/cve/CVE-2012-3988 https://access.redhat.com/security/cve/CVE-2012-3990 https://access.redhat.com/security/cve/CVE-2012-3991 https://access.redhat.com/security/cve/CVE-2012-3992 https://access.redhat.com/security/cve/CVE-2012-3993 https://access.redhat.com/security/cve/CVE-2012-3994 https://access.redhat.com/security/cve/CVE-2012-3995 https://access.redhat.com/security/cve/CVE-2012-4179 https://access.redhat.com/security/cve/CVE-2012-4180 https://access.redhat.com/security/cve/CVE-2012-4181 https://access.redhat.com/security/cve/CVE-2012-4182 https://access.redhat.com/security/cve/CVE-2012-4183 https://access.redhat.com/security/cve/CVE-2012-4184 https://access.redhat.com/security/cve/CVE-2012-4185 https://access.redhat.com/security/cve/CVE-2012-4186 https://access.redhat.com/security/cve/CVE-2012-4187 https://access.redhat.com/security/cve/CVE-2012-4188 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQdLY5XlSAg2UNWIIRAnUqAJ9FqrMrVYnAK3BMSWKCymdzOlzQ5QCfWUID kHcy4qAvdwVc9y68bU/dleM=bsu8 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Oct 09, 2012
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!