Bug 1942784 (CVE-2021-4127)

Summary: CVE-2021-4127 Mozilla: Angle graphics library out of date
Product: [Other] Security Response Reporter: Doran Moppert <dmoppert>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 78.9, thunderbird 78.9 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this issue as: An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-04 04:46:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1939796, 1939797, 1939798, 1939799, 1939800, 1939801, 1939805, 1939806, 1939807, 1939808, 1939809, 1939810, 1940303    
Bug Blocks: 1939794, 1967629    

Description Doran Moppert 2021-03-25 00:47:21 UTC 
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited.


External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-4127
https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-4127
Comment 1 Doran Moppert 2021-03-25 00:47:25 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Mozilla Developers, Abraruddin Khan and Omair
Comment 2 Mauro Matteo Cascella 2023-01-02 14:56:01 UTC 
Mozilla upstream states that this issue was fixed in Firefox/Thunderbird version 78.9. The firefox/thunderbird packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata:

firefox in Red Hat Enterprise Linux 7
https://access.redhat.com/errata/RHSA-2021:0992

firefox in Red Hat Enterprise Linux 8.1 Extended Update Support
https://access.redhat.com/errata/RHSA-2021:0991

firefox in Red Hat Enterprise Linux 8.2 Extended Update Support
https://access.redhat.com/errata/RHSA-2021:0989

firefox in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2021:0990

thunderbird in Red Hat Enterprise Linux 7
https://access.redhat.com/errata/RHSA-2021:0996

thunderbird in Red Hat Enterprise Linux 8.1 Extended Update Support
https://access.redhat.com/errata/RHSA-2021:0995

thunderbird in Red Hat Enterprise Linux 8.2 Extended Update Support
https://access.redhat.com/errata/RHSA-2021:0994

thunderbird in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2021:0993