Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1929 firefox security update 4 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 8 Red Hat Enterprise Linux WS/Desktop 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-12410 CVE-2020-12406 CVE-2020-12405 Reference: ESB-2020.1920 ESB-2020.1919 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:2378 https://access.redhat.com/errata/RHSA-2020:2379 https://access.redhat.com/errata/RHSA-2020:2380 https://access.redhat.com/errata/RHSA-2020:2381 https://access.redhat.com/errata/RHSA-2020:2382 Comment: This bulletin contains five (5) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:2378-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2378 Issue date: 2020-06-03 CVE Names: CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1843030 - CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 1843312 - CVE-2020-12406 Mozilla: JavaScript Type confusion with NativeTypes 1843313 - CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-68.9.0-1.el6_10.src.rpm i386: firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.el6_10.i686.rpm x86_64: firefox-68.9.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.9.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.el6_10.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-68.9.0-1.el6_10.src.rpm x86_64: firefox-68.9.0-1.el6_10.i686.rpm firefox-68.9.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-68.9.0-1.el6_10.src.rpm i386: firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.el6_10.i686.rpm ppc64: firefox-68.9.0-1.el6_10.ppc64.rpm firefox-debuginfo-68.9.0-1.el6_10.ppc64.rpm s390x: firefox-68.9.0-1.el6_10.s390x.rpm firefox-debuginfo-68.9.0-1.el6_10.s390x.rpm x86_64: firefox-68.9.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.9.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.el6_10.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-68.9.0-1.el6_10.src.rpm i386: firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.el6_10.i686.rpm x86_64: firefox-68.9.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.9.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.el6_10.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12405 https://access.redhat.com/security/cve/CVE-2020-12406 https://access.redhat.com/security/cve/CVE-2020-12410 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXtd36tzjgjWX9erEAQhgXA/7B45JvcDFS4meBXMCohjMzr/Hp2dknB2f +O7uCtY55Mt4u2KSerFZ01vPtp5qlvohwETfqPhMSBE5MXvx6B2Z+KWdYKO72ht8 ey2Wz5Q0Z/IrDPq8/xdQAsfhP+uCX+1v7Eucz+hwHkK8W4NujXXtGhxFRDpBMPqr NjXElQbcsN82jab7NYjOWGoEYGQITNk6B4ptyAq0Ql+V5f4eoJ9mdqx34xz+oL6j z/WoxniKQ6HbRaOZklX7bGu5q9W3so9mH0pJcLvRMjEuy6XStHGF3eBbzIQWCYr6 ahRU2jliA/pXndhRPfU83ldh3ONbkdQWWMbSbqJykf7p1X1pZw7cIhTV244x0Z2u WAmwKaPqUDSs4aX+7u0eQ18W9/t5QND9t0YFSIaUncJHKD88tN6Hd4hRXKehOCTY C02lQ942RqHOGylLWbiNX0LSZdyaxhQJB+psgaz97UMf9KtZ9wItqI2MahCwB4gZ kkXIEv53HAuzwxeH+fR+7SHN1COMnw2qLfpyMresZ68TLjxmTvFKOf4h4SHrqaKA U0xCP0Et5mcA1svxCOlPi5h9UiZl/vEuOH+vmeVYPHioziMSKeWrN6c+guxi9/o6 /lSHHFY6xxWus2+IDIZ6L81O2Np742kTpZAAARTIRIwCSY5FFfmfP821hgD05rcs jFHpF/9ZfRY= =QMCf - -----END PGP SIGNATURE----- - ----------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:2379-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2379 Issue date: 2020-06-03 CVE Names: CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1843030 - CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 1843312 - CVE-2020-12406 Mozilla: JavaScript Type confusion with NativeTypes 1843313 - CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: firefox-68.9.0-1.el8_2.src.rpm aarch64: firefox-68.9.0-1.el8_2.aarch64.rpm firefox-debuginfo-68.9.0-1.el8_2.aarch64.rpm firefox-debugsource-68.9.0-1.el8_2.aarch64.rpm ppc64le: firefox-68.9.0-1.el8_2.ppc64le.rpm firefox-debuginfo-68.9.0-1.el8_2.ppc64le.rpm firefox-debugsource-68.9.0-1.el8_2.ppc64le.rpm s390x: firefox-68.9.0-1.el8_2.s390x.rpm firefox-debuginfo-68.9.0-1.el8_2.s390x.rpm firefox-debugsource-68.9.0-1.el8_2.s390x.rpm x86_64: firefox-68.9.0-1.el8_2.x86_64.rpm firefox-debuginfo-68.9.0-1.el8_2.x86_64.rpm firefox-debugsource-68.9.0-1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12405 https://access.redhat.com/security/cve/CVE-2020-12406 https://access.redhat.com/security/cve/CVE-2020-12410 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXtdjhtzjgjWX9erEAQjg/g/+IQpJJl5Ee8dyGA6mL31Okp8gn4lYzInq m+FtQuaz8mzAeNFkpXCP7LFpXSi4Cfszjvw6BYvntNNU9B+Wi0baDsA8uJPYCQJ1 tx/2qzSF3WXOyTXWD+mm1rAPCdbMcYM4+UfpYgwB7us8swnNVfatMpewbvb5idRf T5z+LcU54/oQRQXjjWhdvwHP88BSnIAman3NbXzIQ7lgVMcqMBgLNupRYcujsvBL Qm7FviECsMIgOJ0DmQ7903N3Rxm9l0NZTFe7n2ZGbIRL/9e0vnvTtIyvlD9yxisb loEFfr9BZTLIMkEbotVftg4c+j7rd0QNiA9+QtHxwRgcyXbjRRkmxmNJ7QBtjUb/ H00PEGGtfRq3Zhn7jRKW3xE3eV5hU2MCE3cLueBaKNkXicU/Z/FIUYArSsCNjMHK LsY9F/na99tbsXzlrwC7nE8J3J+8qZwyYJnAKs68K5AzTutD0xW71aRH7EHyVa1N r/BMoaL2CYSWuzi7y47o3QMlHUPpDA6eIjQLvVM/nJQ7xy2Ui8NrMIEyFY1zjYZN UiaWgDsiSonYogLxfwqdGcvOIiQjptlvO9rKRvDF2joy+5CCJJAys63W804H5xaX dAWiRBoq3QSqFDiEGGroajzb9ToVARRPmVG9auB8E0tfj6HaE3N9KBSHMywuWWE9 dFFCySd3MH4= =PkdX - -----END PGP SIGNATURE----- - ----------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:2380-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2380 Issue date: 2020-06-03 CVE Names: CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1843030 - CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 1843312 - CVE-2020-12406 Mozilla: JavaScript Type confusion with NativeTypes 1843313 - CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: firefox-68.9.0-1.el8_1.src.rpm aarch64: firefox-68.9.0-1.el8_1.aarch64.rpm firefox-debuginfo-68.9.0-1.el8_1.aarch64.rpm firefox-debugsource-68.9.0-1.el8_1.aarch64.rpm ppc64le: firefox-68.9.0-1.el8_1.ppc64le.rpm firefox-debuginfo-68.9.0-1.el8_1.ppc64le.rpm firefox-debugsource-68.9.0-1.el8_1.ppc64le.rpm s390x: firefox-68.9.0-1.el8_1.s390x.rpm firefox-debuginfo-68.9.0-1.el8_1.s390x.rpm firefox-debugsource-68.9.0-1.el8_1.s390x.rpm x86_64: firefox-68.9.0-1.el8_1.x86_64.rpm firefox-debuginfo-68.9.0-1.el8_1.x86_64.rpm firefox-debugsource-68.9.0-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12405 https://access.redhat.com/security/cve/CVE-2020-12406 https://access.redhat.com/security/cve/CVE-2020-12410 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXtdmktzjgjWX9erEAQiO3g/+NZxkSEuEBm6qDpxKAo2LnIU8AncKqs9M 7KBPUxtgmJFZUyEGLGPQ4g52f+v0/AvciH3gUAj6UvWr3twBuaspEDu+IvFaWPHd w2OLX9tq9YS9xdSTkwpabMXBZTXkE+aOTiSzlc7iEx90tR2m8FR4aa4uDC8cfXQ0 4X8eg980CPXMprS9inifIVWtXdLN1oGToKKge5jBpzVi98kcCjh2hQquLEIJNtrK GCYiH3X0V0XUa5fdOVX2kPQPDG2jG1wxOQI1dIi10FkBpXMDvKzkVndu+dUjut3T ucCnLLOpiqT7PqcUK7rmZxx7NkccUVcv+kiQ57RkIr2ZKb5IAETZ/yH0GhCdoelK 8n4wgOUmyDPluXfaCqePzuWbxF4QGrbiRZmehSrV3VNExX6FMtcVlxzxhxIU9sDq MWmHrUWqSYfXXLtkUCy/F22vnqchublKWe7E1Z7n0Nu23NA19eLxTpbEr2r5+rpa FdTp4zhOIeKEcI9HBNqOubv1srcAO9E5/x8rNcc2B1pzu7qkDE/B0LM0XVMqjgTW yztf/BRok9IAuQCF1ITifmD2oDmCCTxK0brGZlyN89I/scfakdAgtBziQMIUNSUt ZmF3HS+ebL59uenqrzD+J3ZU5J6cR8J6wddJrjdlZ8T4CHG/9SJw4eXN807OqzrF aGKRsBBEpbE= =NJpK - -----END PGP SIGNATURE----- - ----------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:2381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2381 Issue date: 2020-06-03 CVE Names: CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1843030 - CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 1843312 - CVE-2020-12406 Mozilla: JavaScript Type confusion with NativeTypes 1843313 - CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: firefox-68.9.0-1.el7_8.src.rpm x86_64: firefox-68.9.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.9.0-1.el7_8.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-68.9.0-1.el7_8.i686.rpm firefox-debuginfo-68.9.0-1.el7_8.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-68.9.0-1.el7_8.src.rpm ppc64: firefox-68.9.0-1.el7_8.ppc64.rpm firefox-debuginfo-68.9.0-1.el7_8.ppc64.rpm ppc64le: firefox-68.9.0-1.el7_8.ppc64le.rpm firefox-debuginfo-68.9.0-1.el7_8.ppc64le.rpm s390x: firefox-68.9.0-1.el7_8.s390x.rpm firefox-debuginfo-68.9.0-1.el7_8.s390x.rpm x86_64: firefox-68.9.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.9.0-1.el7_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: firefox-68.9.0-1.el7_8.i686.rpm firefox-debuginfo-68.9.0-1.el7_8.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-68.9.0-1.el7_8.src.rpm x86_64: firefox-68.9.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.9.0-1.el7_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-68.9.0-1.el7_8.i686.rpm firefox-debuginfo-68.9.0-1.el7_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12405 https://access.redhat.com/security/cve/CVE-2020-12406 https://access.redhat.com/security/cve/CVE-2020-12410 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXtflXtzjgjWX9erEAQiTgg//VHwSOV3Dql6EjKDBMgIQwzfBJ06vSLkm Cb4QDOOTCW0QynZTavR5nnaepln/66aMjmASQ2VD2aOdwiAS76nL1aLFr98RJnSK AKHL8K7N74V/yDeB4NqgEFnaAyA6P9Ze9m24yr+kZkhhYUYB9ZW1D3pIiyByeACc cw6gn/I7+trWV04Bz1SXeiTHakUA1aNa4yY2Tfy5WqN2+zcQ5bH36f66PjvmW7CJ TUWfegRFEfTLfl8ridfXdRL/y6BFZe0KVqFvly/k8faW8aZZXACpcgl0a/ISRFzB aJxfmoT44NucFlFPIdcBcX2Hs1hHdt01hC/D6Ba+MKGPz7QjlV8we8+rqa3MiEPX ZRBrx4LjmDxPJ3naowrCj8V/t+GOT891fdlVljLu9VcLW7drm566mWM8B8KaMrMf /TmW8yoSRmYGEjcAtXHbRK3AsG4rfAYIimwCkevpXvnn3aFI+t8QVAld0LPsWbWo KzgNxSin4Vv4D4G2JEKt5enm7iE7sf2NcyxBAXj+CyQSAtIWPqjyA+yn/eA/yVJ9 3LWFmmvDtLMirSKIDR6nEItIU9ikvN7RN1T6/OWdgzwktk0FUhQingG0nICOHvlH cP4amzyStRp09QbKHKBb5a56bTUNVW6Jxaqba1fAetcQETMSHlzCdJA6MCS0F1NG TIlmSmvw28U= =tMVH - -----END PGP SIGNATURE----- - ----------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:2382-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2382 Issue date: 2020-06-03 CVE Names: CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1843030 - CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 1843312 - CVE-2020-12406 Mozilla: JavaScript Type confusion with NativeTypes 1843313 - CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.0): Source: firefox-68.9.0-1.el8_0.src.rpm aarch64: firefox-68.9.0-1.el8_0.aarch64.rpm firefox-debuginfo-68.9.0-1.el8_0.aarch64.rpm firefox-debugsource-68.9.0-1.el8_0.aarch64.rpm ppc64le: firefox-68.9.0-1.el8_0.ppc64le.rpm firefox-debuginfo-68.9.0-1.el8_0.ppc64le.rpm firefox-debugsource-68.9.0-1.el8_0.ppc64le.rpm s390x: firefox-68.9.0-1.el8_0.s390x.rpm firefox-debuginfo-68.9.0-1.el8_0.s390x.rpm firefox-debugsource-68.9.0-1.el8_0.s390x.rpm x86_64: firefox-68.9.0-1.el8_0.x86_64.rpm firefox-debuginfo-68.9.0-1.el8_0.x86_64.rpm firefox-debugsource-68.9.0-1.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12405 https://access.redhat.com/security/cve/CVE-2020-12406 https://access.redhat.com/security/cve/CVE-2020-12410 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXtefStzjgjWX9erEAQhJow/9GUOLe3fNW4ID8z3k28w4hewj7b9oZsnJ jJbiPKOuNHO13In8kwCNBkci3zuhuUpLztVBZSrEaLkfQwmv3VLthtvs19GnB2J1 br4DhRQFrWXOwHaz+n5+pFu4OKxp9LBlTY+++eOuD4osrPuPgIsUYsR8k9FP1hJ+ mN2Gee11yUtRubw3/Z2+TM2dYYWp5/d8jW49eOV8nzgrKge1qZ2rVJaUXEYoYECE TeqDWK1jc2BaAin4x8m8B8Nt3Cicbbul53mHrln6cTLjAnorchbe4BSc5zK1XS3t 2INYgUyd/rNh2MqoLe0YnJZdBmHlwgkJSWmM9l6BKwysoZuHUQt0+xGa0DQRJFLw tf4zkM4Gzbf0jaDr1zkIAI6WhaIt0SbUCcd4B/hsymXqCxFbc/jQAlSHibrkDnfS wYSauScvyuBGkoqJZHKgNNRbUf9P1oCHhMx0hwEvcyhB+D06QUcxOikgbo2MC63K zeF4ugiuoot52a199kEnb3YN8jMIwHP5xHsDgQPhIZvt2wegdS77J7GKyJatHuvg q8/R4Z3rHzgdnIMiu1U0sI5hmI6mwF2qyo4z3X7McdymuRnWvPrxQ3ydUYEIu7Nt svHoAL24h1Fwv2EYqm+5W0SUTQguX712vJY7ZC7zV7NDLbKKmwutidbtD8mK9fGZ oSHWBSLw6Dk= =3Erx - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXtg8luNLKJtyKPYoAQhi9xAAqSicn0rbgtt6i0Ch77XcUdkeOBfaMiQK 97+wpe8G0rUTS8xbBQ09BwhbxURgqeFeT2tyQp4CAmaN7u9tjMvZDRPV9PEb675d XUuJYTbV1V/Lv6TfqQRm5qocjYCt3CKKE266l8d/wS+geHhhN7ClgrOSMcUhGR1b P4uEvtyqxplkUFaaCQoLai9E4hTkql9AjPsG6W6gpW/nqoeYgvM7PWZs+OGhlIrE j3hKoX0ZsWzfK7qsZ4hW91LmBV65cYQN6Ub6vhdeSR5uSYJ5L/LYo8LJFwzH8/SH J7B4IqSzlvm3o2xaWvwS2nPQAdc+hGP05EY5Ljd1kOVEQKWEGjcndaLO7qIqwTp1 GP7LZQiPujsFUaPbgEFId1keGnY/S8DTRkc/lShcHxZ6UKHfWhSBpt3ZN+wCkFrC 7L33q6KHFRZeIDE1CDkhvBvxlEIul1RBGMFKSBIQGkyGSH4PhHFuEJk7yo+TYeI3 Hy/G29SPLQNJEs4HWsKHvgFe9bJITBZj7jytqLfPhfWdgJIHlb1lmpjcELD5gTGw wokv24Vc4ReKLmGnaPz4f0MopStMFfYUVovvGNOc03jcNKD1NyFvZu05+wEJNIzx 4W+p2duQNmxVPui5U8y3qxgDTQwB4Viu3irZ9WO1srpCIgk7bjRNCAuIApU+eq2e Zyto4o2G+oE= =XlFu -----END PGP SIGNATURE-----