Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1404 firefox security update 27 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox Publisher: Red Hat Operating System: Red Hat Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-29946 CVE-2021-29945 CVE-2021-24002 CVE-2021-23999 CVE-2021-23998 CVE-2021-23995 CVE-2021-23994 CVE-2021-23961 Reference: ESB-2021.1393 ESB-2021.1390 ESB-2021.1327 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:1360 https://access.redhat.com/errata/RHSA-2021:1361 https://access.redhat.com/errata/RHSA-2021:1362 https://access.redhat.com/errata/RHSA-2021:1363 Comment: This bulletin contains four (4) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2021:1360-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1360 Issue date: 2021-04-26 CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix(es): * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999) * Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002) * Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945) * Mozilla: Port blocking could be bypassed (CVE-2021-29946) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1951364 - CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization 1951365 - CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode 1951366 - CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed 1951367 - CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage 1951368 - CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges 1951369 - CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL 1951370 - CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads 1951371 - CVE-2021-29946 Mozilla: Port blocking could be bypassed 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: firefox-78.10.0-1.el8_3.src.rpm aarch64: firefox-78.10.0-1.el8_3.aarch64.rpm firefox-debuginfo-78.10.0-1.el8_3.aarch64.rpm firefox-debugsource-78.10.0-1.el8_3.aarch64.rpm ppc64le: firefox-78.10.0-1.el8_3.ppc64le.rpm firefox-debuginfo-78.10.0-1.el8_3.ppc64le.rpm firefox-debugsource-78.10.0-1.el8_3.ppc64le.rpm s390x: firefox-78.10.0-1.el8_3.s390x.rpm firefox-debuginfo-78.10.0-1.el8_3.s390x.rpm firefox-debugsource-78.10.0-1.el8_3.s390x.rpm x86_64: firefox-78.10.0-1.el8_3.x86_64.rpm firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23961 https://access.redhat.com/security/cve/CVE-2021-23994 https://access.redhat.com/security/cve/CVE-2021-23995 https://access.redhat.com/security/cve/CVE-2021-23998 https://access.redhat.com/security/cve/CVE-2021-23999 https://access.redhat.com/security/cve/CVE-2021-24002 https://access.redhat.com/security/cve/CVE-2021-29945 https://access.redhat.com/security/cve/CVE-2021-29946 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYIahPtzjgjWX9erEAQizTg//ccaflllRZhoozYES3WC8jRTpTW2Hewre Hhoh2Qr328yH4f7sUr6IGsW/7+ta0oYD7x2sI+X/Xd3Y3hE7nEkwKG9nbjoiorK9 qZoGffWIYLih49o/Yd7jQ4ruqQlLiiqv3atikpnwxsgyEFglvfZ1bRVJMyb7rSHx ivYIuZtLxnXVDjQLzL+3EawsZeen6SVCJ/Wr0eYSzXsj/RUtQPeSxeQm6/8y7ckA 5ab5eDf2dBsGwUqgInEJhTn/r08pVwmMifKkPYDhmLhEGw86s+XXEvqzaLqr0zDa 8aiRyruRTkxce+3PCgEfzEXE76iwp0+oCmzgCp2M0012bqWImZX7HlRn67F/FkAF yXidsEPe9dfMfOcjUV6hhajxh6hZIpSY5Aq+CarxRK5Qu1ng57hrZn4VzHNhu5ee Qq+aWRMKU43um768d2W7e7RM/OTKRS8Kl5yH3k6UR9w04PKcFEMMUEdlZu4oiAKg uZx9Ij25Dnl/FRrBxMrCh/M+cndoMI5H6B9GkGGJypsvETIbMiedJUYD3kSCXkF7 94UkShwn4v+3Ko543N65FxjFHjCf+zG8HfVhsZyFVhE6PZllGJxP7NpLvT69Ib0M x1oYhpfw6PXY+HgqXaQc7/iyn2/EFgtMIiYvLSxoroB/tjiROte0NchIcJ+tjYEh 6kcqGeaOe24= =NvLu - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2021:1361-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1361 Issue date: 2021-04-26 CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix(es): * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999) * Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002) * Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945) * Mozilla: Port blocking could be bypassed (CVE-2021-29946) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1951364 - CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization 1951365 - CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode 1951366 - CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed 1951367 - CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage 1951368 - CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges 1951369 - CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL 1951370 - CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads 1951371 - CVE-2021-29946 Mozilla: Port blocking could be bypassed 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: firefox-78.10.0-1.el8_2.src.rpm aarch64: firefox-78.10.0-1.el8_2.aarch64.rpm firefox-debuginfo-78.10.0-1.el8_2.aarch64.rpm firefox-debugsource-78.10.0-1.el8_2.aarch64.rpm ppc64le: firefox-78.10.0-1.el8_2.ppc64le.rpm firefox-debuginfo-78.10.0-1.el8_2.ppc64le.rpm firefox-debugsource-78.10.0-1.el8_2.ppc64le.rpm s390x: firefox-78.10.0-1.el8_2.s390x.rpm firefox-debuginfo-78.10.0-1.el8_2.s390x.rpm firefox-debugsource-78.10.0-1.el8_2.s390x.rpm x86_64: firefox-78.10.0-1.el8_2.x86_64.rpm firefox-debuginfo-78.10.0-1.el8_2.x86_64.rpm firefox-debugsource-78.10.0-1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23961 https://access.redhat.com/security/cve/CVE-2021-23994 https://access.redhat.com/security/cve/CVE-2021-23995 https://access.redhat.com/security/cve/CVE-2021-23998 https://access.redhat.com/security/cve/CVE-2021-23999 https://access.redhat.com/security/cve/CVE-2021-24002 https://access.redhat.com/security/cve/CVE-2021-29945 https://access.redhat.com/security/cve/CVE-2021-29946 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYIak/tzjgjWX9erEAQhfBA/9EmBBuAYkmUjm10Eg6Ym/DiQTNybKS/UC iZR7AIy5jR8xAvhfGzloW2axl0BUk4BYt8X4WkEmf4Q6GNvTcplurmCDuBYD3C0z j3EVgsn/Axpfr7xL8eaObKsc0qWUkB2e86DgnmJ2zz2JUguPTVkJWk9NV7KYiqnv DGwN7FuhGnFwrkSzJcBFTm1Pp4dgwqeJr8a/iCYvwm842/lnO2nXYXBTrXxiLINS 8DQJ5vEcqTP2QFWd2axBoukoF03zkTtU7WVAQU0Cs9PB3TZGGYRuCpZsdfgUkjmk oOYA6Y3lT3afQ2dK5HaT8E/F7jmnWVzchB3zP/yMrYPvdOl3Weo2/HpYpSdTjlLu NMdpX0GKNdFzyixZ22K7hSFQPJNgsq6+zuJWxajBF5fNEOoI9X8eQgA3/8VV0HiA qi3Tn70KYlTfjodcFxAc17pHjZ0UiakeSbAZ9QZ4ltV89qVXsbI2Zf8EPuoZN+Dv 5MA0IJOZaLAiaVz8oNoGXt6M5yBFGeSME9HD0RHicQPcfWWISJglWlk9oQnMnUWv CoFHHKrMCQ9q2ty/DPZKi31tc7dQVhf/dcm+NlFa9Uix7e2wIXsVPoUYZh3cTnfx p9xdlzD/8pCSGA72gMsGL9b34I+17kNwOOw9lobecpU5X3+YLr7uKMSL0t7g6W6r khzJopw4knc= =ZyGQ - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2021:1362-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1362 Issue date: 2021-04-26 CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix(es): * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999) * Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002) * Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945) * Mozilla: Port blocking could be bypassed (CVE-2021-29946) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1951364 - CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization 1951365 - CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode 1951366 - CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed 1951367 - CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage 1951368 - CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges 1951369 - CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL 1951370 - CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads 1951371 - CVE-2021-29946 Mozilla: Port blocking could be bypassed 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: firefox-78.10.0-1.el8_1.src.rpm aarch64: firefox-78.10.0-1.el8_1.aarch64.rpm firefox-debuginfo-78.10.0-1.el8_1.aarch64.rpm firefox-debugsource-78.10.0-1.el8_1.aarch64.rpm ppc64le: firefox-78.10.0-1.el8_1.ppc64le.rpm firefox-debuginfo-78.10.0-1.el8_1.ppc64le.rpm firefox-debugsource-78.10.0-1.el8_1.ppc64le.rpm s390x: firefox-78.10.0-1.el8_1.s390x.rpm firefox-debuginfo-78.10.0-1.el8_1.s390x.rpm firefox-debugsource-78.10.0-1.el8_1.s390x.rpm x86_64: firefox-78.10.0-1.el8_1.x86_64.rpm firefox-debuginfo-78.10.0-1.el8_1.x86_64.rpm firefox-debugsource-78.10.0-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23961 https://access.redhat.com/security/cve/CVE-2021-23994 https://access.redhat.com/security/cve/CVE-2021-23995 https://access.redhat.com/security/cve/CVE-2021-23998 https://access.redhat.com/security/cve/CVE-2021-23999 https://access.redhat.com/security/cve/CVE-2021-24002 https://access.redhat.com/security/cve/CVE-2021-29945 https://access.redhat.com/security/cve/CVE-2021-29946 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYIahA9zjgjWX9erEAQjUmQ/9HW1avsMCMSDH5mBkJLBoCii1+7W+KxzQ 8opEZUkdZtRlWEILIvvZQq9ebJChZib8nkKQV2InLDZQcg5MOkjPrRgTRjQAzap4 hl3oYgfKKFL+hSSUNJAgoapCPznC7o5KpSOBiKrH85SlcqfPmNBgGoa9HvAkQ+49 hGo363dwLKvkTTeuG3CCA7tPF2A5kwocUaFadVvD08rJu+8vA06+Dsy0ltSZQEtC 9ise1HrImxEqnDqq8+fNvjzXRg5RkUd0VsOcmBhjD7mtRNYcNZc1vDINlcNjy/gX fO/lfME/tgZR0KfmmQ3nF1XAl+1cru/nwVVDeG79LuBOFzPsBXryUXEpn6PI7qhq 9fXfFfkfcelo/lTqzsVj0Eb89eMgRfOr4HJ0/MEOybHTfbbeKBWYpH0Dd4sOdELT uBvnBAmFPuwN5RN16KNnIhvhTti4+/f/IQs4AIUO+EafgIyk+UDhRQ2iRVbBSEJF HtQ8P4CDmMM5s7EqKIuY3T6S0CXG0PzkbeXDry3c6GkG7tRMvzdlV8nFKCSe0mGJ I6tUV660fMPQ/AX1fUmaeKFwKbUcqy8v6ez+ITyN+dVoApKaG8S6kSFn2Xdd5178 DXfgCLHPDslNhSVMyIXbydO0q/RkPVV7B6AwQN0Cs1FPwUYDCrIikJ2yX3Swn0uu 7MDNLBukpzM= =xfHz - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2021:1363-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1363 Issue date: 2021-04-26 CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix(es): * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999) * Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002) * Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945) * Mozilla: Port blocking could be bypassed (CVE-2021-29946) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1951364 - CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization 1951365 - CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode 1951366 - CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed 1951367 - CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage 1951368 - CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges 1951369 - CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL 1951370 - CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads 1951371 - CVE-2021-29946 Mozilla: Port blocking could be bypassed 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: firefox-78.10.0-1.el7_9.src.rpm x86_64: firefox-78.10.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.10.0-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-78.10.0-1.el7_9.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-78.10.0-1.el7_9.src.rpm ppc64: firefox-78.10.0-1.el7_9.ppc64.rpm firefox-debuginfo-78.10.0-1.el7_9.ppc64.rpm ppc64le: firefox-78.10.0-1.el7_9.ppc64le.rpm firefox-debuginfo-78.10.0-1.el7_9.ppc64le.rpm s390x: firefox-78.10.0-1.el7_9.s390x.rpm firefox-debuginfo-78.10.0-1.el7_9.s390x.rpm x86_64: firefox-78.10.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.10.0-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: firefox-78.10.0-1.el7_9.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-78.10.0-1.el7_9.src.rpm x86_64: firefox-78.10.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.10.0-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-78.10.0-1.el7_9.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23961 https://access.redhat.com/security/cve/CVE-2021-23994 https://access.redhat.com/security/cve/CVE-2021-23995 https://access.redhat.com/security/cve/CVE-2021-23998 https://access.redhat.com/security/cve/CVE-2021-23999 https://access.redhat.com/security/cve/CVE-2021-24002 https://access.redhat.com/security/cve/CVE-2021-29945 https://access.redhat.com/security/cve/CVE-2021-29946 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYIao+tzjgjWX9erEAQhzmQ/8DhtWDBfzXnyfQdPYghi3dH/nSeN5IYQZ 7RVywLz0EITJPS0peSM1ufBu9raeAe7M7Zx92usePp7ceTYXdGu3tUPDahVGRo6y A+c9VGiK8SGPfwYc8QvG7DLkjZXrmmSrP8TFB7fChe6yeJVNPc5+FCoiMEdiv4l8 99VsuUeMlkhgtI0B0KmcKeqO6gziKnb42mCsOCt6vf7CDLNN/eL3FHR/YW5DJmzm A7VBogIh94m936RJQfCq+MTY6R1+kjo698FqoNX0Nz95oJlzgVQVwzH60z/vGJFO isanqciJ76p7yoUr0Yvv7CzZiXH22WazFKzQovd72SSNEj2ZRLLlNFCWhPyPyB4F wFJC/ndcYcfFEP+0aJ5UMS32YlT5v32qDHY3Ti8YTsUqZtwmJgnK6YlAuJLQUTUU IVHLbx9dNWrsrrW6SFAByhdnRh4lQcvsPmXWUye2t7BVF3eOCiPSo8c0ctIjLkri TRZr23e+55DlAWGXCvgQMXMIlf60+vGFW1J6wA9I2J1E09Jj0q9RCqnEWecddVBM n2KmROd9ZrU+RNiW+cv23roRg6We7fgCURXKWMOHmlX37WOfSZ5ZWAb4T9DICZw0 ad/8LyVCalZlOpignUfAxsC/htothdQJ7pL2rCm4nw7Q4U+IW9c9KZfMQAknvbgB TXe44sBy4Ik= =G+j3 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYIdnHeNLKJtyKPYoAQhLDRAAkg+rtfM+QYZAYHBNdo7pkvAwrM8qwObE POpmEctwlFYL1aAfmysoN6207hThs62cGPlme8qrpEaqKADPB57KYya8L7r77xhs Dj+uJkhTR1+Sl+Hhn7QYo/TO0MjzqPRsjaziVCpoxbOdGPCLYYkkqQe7Akp6ZAGI h8onu/HodLhAs9v8cGcRl9Mn1pyixd5U4k2864N2n/07ips1q5OsVkpp5O+heKDd YEis01bwYyA2pBUqRlngRRzcdvanAOh61NXSLb8AEc6n7XSbShRIjyaejtS/vIH8 NJGiLxH3+Z94P4cHT6kPygptUsOCkmLax9xC931vfj/UU1Ycx5sRr6D5hToBfZSw nJD/b66Tv5mdQ8VVmdpSSlbgdelWFZkhXTip4ltSGGiuglJWc9UvZ5tdMmxJXYdJ A4ttxJHLdIrpyXIPyxYRROJtjsxZDSdq5B7KjqLpAyJ6HlVUGzPH0cQq/R6fyQM1 G7X6WImdxEFv+2ZhZdLMXkszgBCkr5JSCXXqjujnudHveqcuFChPu6OeIU53yfY2 eMLEBzvbjaQwT+ZZRwbbMfya+a0+6jUxWOlI/XuwJUjgEToSmgWmAxVt2cVblfhE Wi2MG98DbiFC3+VPHrOD0VwixFsNpLCAG1yDC7q7Dbs7I+Bqy81gOpxrnF0Lq/b/ OIsGY61i6kI= =SNou -----END PGP SIGNATURE-----