Security Advisory Critical: firefox security update

Advisory: RHSA-2017:0558-1
Type: Security Advisory
Severity: Critical
Issued on: 2017-03-17
Last updated on: 2017-03-17
Affected Products: Red Hat Enterprise Linux Desktop (v. 7)
Red Hat Enterprise Linux Server (v. 7)
Red Hat Enterprise Linux Server TUS (v. 7.3)
Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2017-5428

Details

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Mozilla Firefox is an open source web browser.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5428)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day
Initiative as the original reporters.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take
effect.
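A fleet check for the two conditions above (package at or above the fixed build `firefox-52.0-5.el7_3`, and no Firefox process left running from before the update), as an added example that is not Red Hat tooling. The inventory line format, host names and timestamps are assumptions constructed for illustration, and the version comparison is a simplified form of RPM's segment comparison that ignores `~` and `^`.

```python
import re

# Fixed build named in this advisory: firefox-52.0-5.el7_3 (no epoch).
FIXED = (0, "52.0", "5.el7_3")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no '~' or '^' handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1       # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples; returns -1, 0 or 1."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def classify(line):
    """Assumed collector format, whitespace separated:
    host %{EPOCH} %{VERSION} %{RELEASE} %{INSTALLTIME} oldest_firefox_start
    Last field: start time (epoch seconds) of the oldest running firefox
    process, or '-' when none is running."""
    host, epoch, ver, rel, installed, started = line.split()
    evr = (0 if epoch == "(none)" else int(epoch), ver, rel)
    if evr_cmp(evr, FIXED) < 0:
        return host, "unpatched"
    if started != "-" and int(started) < int(installed):
        return host, "restart-needed"   # process predates the update
    return host, "ok"

# Constructed sample inventory (not real hosts, builds or timestamps).
SAMPLE = """\
ws-01 (none) 45.8.0 2.el7_3 1488300000 1489500000
ws-02 (none) 52.0 5.el7_3 1489800000 1489700000
ws-03 (none) 52.0 5.el7_3 1489800000 1489900000
srv-04 (none) 52.0 4.el7 1489800000 -
srv-05 (none) 52.1.0 2.el7_3 1492000000 -
"""

def audit(text=SAMPLE):
    return dict(classify(l) for l in text.splitlines() if l.strip())
```
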

Updated packages

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
firefox-52.0-5.el7_3.src.rpm

x86_64:
firefox-52.0-5.el7_3.i686.rpm
firefox-52.0-5.el7_3.x86_64.rpm
firefox-debuginfo-52.0-5.el7_3.i686.rpm
firefox-debuginfo-52.0-5.el7_3.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
firefox-52.0-5.el7_3.src.rpm

PPC:
firefox-52.0-5.el7_3.ppc.rpm
firefox-52.0-5.el7_3.ppc64.rpm
firefox-debuginfo-52.0-5.el7_3.ppc.rpm
firefox-debuginfo-52.0-5.el7_3.ppc64.rpm

PPC64LE:
firefox-52.0-5.el7_3.ppc64le.rpm
firefox-debuginfo-52.0-5.el7_3.ppc64le.rpm

s390x:
firefox-52.0-5.el7_3.s390.rpm
firefox-52.0-5.el7_3.s390x.rpm
firefox-debuginfo-52.0-5.el7_3.s390.rpm
firefox-debuginfo-52.0-5.el7_3.s390x.rpm

x86_64:
firefox-52.0-5.el7_3.i686.rpm
firefox-52.0-5.el7_3.x86_64.rpm
firefox-debuginfo-52.0-5.el7_3.i686.rpm
firefox-debuginfo-52.0-5.el7_3.x86_64.rpm
 
Red Hat Enterprise Linux Server TUS (v. 7.3)

SRPMS:
firefox-52.0-5.el7_3.src.rpm

x86_64:
firefox-52.0-5.el7_3.i686.rpm
firefox-52.0-5.el7_3.x86_64.rpm
firefox-debuginfo-52.0-5.el7_3.i686.rpm
firefox-debuginfo-52.0-5.el7_3.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
firefox-52.0-5.el7_3.src.rpm

x86_64:
firefox-52.0-5.el7_3.i686.rpm
firefox-52.0-5.el7_3.x86_64.rpm
firefox-debuginfo-52.0-5.el7_3.i686.rpm
firefox-debuginfo-52.0-5.el7_3.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1433202 - CVE-2017-5428 Mozilla: integer overflow in createImageBitmap() (MFSA 2017-08)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/