Critical CentOS firefox Security Update

Metadata

critical
10.0
firefox-38.7.0-1.el5.centos.i386.rpm, firefox-38.7.0-1.el5.centos.src.rpm, firefox-38.7.0-1.el5.centos.x86_64.rpm, firefox-38.7.0-1.el6.centos.i686.rpm, firefox-38.7.0-1.el6.centos.src.rpm, firefox-38.7.0-1.el6.centos.x86_64.rpm, firefox-38.7.0-1.el7.centos.i686.rpm, firefox-38.7.0-1.el7.centos.src.rpm, firefox-38.7.0-1.el7.centos.x86_64.rpm
CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1973, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
rhn.redhat.com, lists.centos.org, lists.centos.org, lists.centos.org
2016-03-09
2017-07-27 19:10
2017-04-01 19:09
2017-01-05 20:13

Description


Updated firefox packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958,
CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,
CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)

Multiple security flaws were found in the graphite2 font library shipped
with Firefox. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,
CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,
CVE-2016-2802)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew
McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas
Golubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi,
ca0nguyen, lokihardt, Dominique Hazaël-Massieux, Nicolas Grégoire, Tsubasa
Iinuma, the Communications Electronics Security Group (UK) of the GCHQ,
Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters
of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.7.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is pending.


Affected package information

Release  Package  Patched in
5        firefox  firefox-38.7.0-1.el5.centos.i386.rpm
5        firefox  firefox-38.7.0-1.el5.centos.src.rpm
5        firefox  firefox-38.7.0-1.el5.centos.x86_64.rpm
6        firefox  firefox-38.7.0-1.el6.centos.i686.rpm
6        firefox  firefox-38.7.0-1.el6.centos.src.rpm
6        firefox  firefox-38.7.0-1.el6.centos.x86_64.rpm
7        firefox  firefox-38.7.0-1.el7.centos.i686.rpm
7        firefox  firefox-38.7.0-1.el7.centos.src.rpm
7        firefox  firefox-38.7.0-1.el7.centos.x86_64.rpm