| Summary: | Firefox and Thunderbird 24.8 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | sysadmin-bugs, wrw105 |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/610599/ | | |
| Whiteboard: | MGA3TOO has_procedure advisory mga4-64-ok mga3-64-ok mga3-32-ok mga4-32-ok | | |
| Source RPM: | firefox, thunderbird, rootcerts, nspr, nss | CVE: | |
| Status comment: | | | |

Description
David Walser
2014-09-03 01:05:32 CEST
David Walser
2014-09-03 01:05:39 CEST
Whiteboard: (none) => MGA3TOO

Once this is built, the updated packages will be as follows.

rootcerts-20140805.00-1.mga3 rootcerts-java-20140805.00-1.mga3 libnspr4-4.10.7-1.mga3 libnspr-devel-4.10.7-1.mga3 nss-3.17.0-1.mga3 nss-doc-3.17.0-1.mga3 libnss3-3.17.0-1.mga3 libnss-devel-3.17.0-1.mga3 libnss-static-devel-3.17.0-1.mga3 firefox-24.8.0-1.mga3 firefox-devel-24.8.0-1.mga3 firefox-af-24.8.0-1.mga3 firefox-ar-24.8.0-1.mga3 firefox-as-24.8.0-1.mga3 firefox-ast-24.8.0-1.mga3 firefox-be-24.8.0-1.mga3 firefox-bg-24.8.0-1.mga3 firefox-bn_IN-24.8.0-1.mga3 firefox-bn_BD-24.8.0-1.mga3 firefox-br-24.8.0-1.mga3 firefox-bs-24.8.0-1.mga3 firefox-ca-24.8.0-1.mga3 firefox-cs-24.8.0-1.mga3 firefox-csb-24.8.0-1.mga3 firefox-cy-24.8.0-1.mga3 firefox-da-24.8.0-1.mga3 firefox-de-24.8.0-1.mga3 firefox-el-24.8.0-1.mga3 firefox-en_GB-24.8.0-1.mga3 firefox-en_ZA-24.8.0-1.mga3 firefox-eo-24.8.0-1.mga3 firefox-es_AR-24.8.0-1.mga3 firefox-es_CL-24.8.0-1.mga3 firefox-es_ES-24.8.0-1.mga3 firefox-es_MX-24.8.0-1.mga3 firefox-et-24.8.0-1.mga3 firefox-eu-24.8.0-1.mga3 firefox-fa-24.8.0-1.mga3 firefox-ff-24.8.0-1.mga3 firefox-fi-24.8.0-1.mga3 firefox-fr-24.8.0-1.mga3 firefox-fy-24.8.0-1.mga3 firefox-ga_IE-24.8.0-1.mga3 firefox-gd-24.8.0-1.mga3 firefox-gl-24.8.0-1.mga3 firefox-gu_IN-24.8.0-1.mga3 firefox-he-24.8.0-1.mga3 firefox-hi-24.8.0-1.mga3 firefox-hr-24.8.0-1.mga3 firefox-hu-24.8.0-1.mga3 firefox-hy-24.8.0-1.mga3 firefox-id-24.8.0-1.mga3 firefox-is-24.8.0-1.mga3 firefox-it-24.8.0-1.mga3 firefox-ja-24.8.0-1.mga3 firefox-kk-24.8.0-1.mga3 firefox-ko-24.8.0-1.mga3 firefox-km-24.8.0-1.mga3 firefox-kn-24.8.0-1.mga3 firefox-ku-24.8.0-1.mga3 firefox-lg-24.8.0-1.mga3 firefox-lij-24.8.0-1.mga3 firefox-lt-24.8.0-1.mga3 firefox-lv-24.8.0-1.mga3 firefox-mai-24.8.0-1.mga3 firefox-mk-24.8.0-1.mga3 firefox-ml-24.8.0-1.mga3 firefox-mr-24.8.0-1.mga3 firefox-nb_NO-24.8.0-1.mga3 firefox-nl-24.8.0-1.mga3 firefox-nn_NO-24.8.0-1.mga3 firefox-nso-24.8.0-1.mga3 firefox-or-24.8.0-1.mga3 firefox-pa_IN-24.8.0-1.mga3 firefox-pl-24.8.0-1.mga3
firefox-pt_BR-24.8.0-1.mga3 firefox-pt_PT-24.8.0-1.mga3 firefox-ro-24.8.0-1.mga3 firefox-ru-24.8.0-1.mga3 firefox-si-24.8.0-1.mga3 firefox-sk-24.8.0-1.mga3 firefox-sl-24.8.0-1.mga3 firefox-sq-24.8.0-1.mga3 firefox-sr-24.8.0-1.mga3 firefox-sv_SE-24.8.0-1.mga3 firefox-ta-24.8.0-1.mga3 firefox-ta_LK-24.8.0-1.mga3 firefox-te-24.8.0-1.mga3 firefox-th-24.8.0-1.mga3 firefox-tr-24.8.0-1.mga3 firefox-uk-24.8.0-1.mga3 firefox-vi-24.8.0-1.mga3 firefox-zh_CN-24.8.0-1.mga3 firefox-zh_TW-24.8.0-1.mga3 firefox-zu-24.8.0-1.mga3 thunderbird-24.8.0-1.mga3 thunderbird-enigmail-24.8.0-1.mga3 nsinstall-24.8.0-1.mga3 thunderbird-ar-24.8.0-1.mga3 thunderbird-ast-24.8.0-1.mga3 thunderbird-be-24.8.0-1.mga3 thunderbird-bg-24.8.0-1.mga3 thunderbird-bn_BD-24.8.0-1.mga3 thunderbird-br-24.8.0-1.mga3 thunderbird-ca-24.8.0-1.mga3 thunderbird-cs-24.8.0-1.mga3 thunderbird-da-24.8.0-1.mga3 thunderbird-de-24.8.0-1.mga3 thunderbird-el-24.8.0-1.mga3 thunderbird-en_GB-24.8.0-1.mga3 thunderbird-es_AR-24.8.0-1.mga3 thunderbird-es_ES-24.8.0-1.mga3 thunderbird-et-24.8.0-1.mga3 thunderbird-eu-24.8.0-1.mga3 thunderbird-fi-24.8.0-1.mga3 thunderbird-fr-24.8.0-1.mga3 thunderbird-fy-24.8.0-1.mga3 thunderbird-ga-24.8.0-1.mga3 thunderbird-gd-24.8.0-1.mga3 thunderbird-gl-24.8.0-1.mga3 thunderbird-he-24.8.0-1.mga3 thunderbird-hr-24.8.0-1.mga3 thunderbird-hu-24.8.0-1.mga3 thunderbird-hy-24.8.0-1.mga3 thunderbird-id-24.8.0-1.mga3 thunderbird-is-24.8.0-1.mga3 thunderbird-it-24.8.0-1.mga3 thunderbird-ja-24.8.0-1.mga3 thunderbird-ko-24.8.0-1.mga3 thunderbird-lt-24.8.0-1.mga3 thunderbird-nb_NO-24.8.0-1.mga3 thunderbird-nl-24.8.0-1.mga3 thunderbird-nn_NO-24.8.0-1.mga3 thunderbird-pl-24.8.0-1.mga3 thunderbird-pa_IN-24.8.0-1.mga3 thunderbird-pt_BR-24.8.0-1.mga3 thunderbird-pt_PT-24.8.0-1.mga3 thunderbird-ro-24.8.0-1.mga3 thunderbird-ru-24.8.0-1.mga3 thunderbird-si-24.8.0-1.mga3 thunderbird-sk-24.8.0-1.mga3 thunderbird-sl-24.8.0-1.mga3 thunderbird-sq-24.8.0-1.mga3 thunderbird-sv_SE-24.8.0-1.mga3 thunderbird-ta_LK-24.8.0-1.mga3 
thunderbird-tr-24.8.0-1.mga3 thunderbird-uk-24.8.0-1.mga3 thunderbird-vi-24.8.0-1.mga3 thunderbird-zh_CN-24.8.0-1.mga3 thunderbird-zh_TW-24.8.0-1.mga3 rootcerts-20140805.00-1.mga4 rootcerts-java-20140805.00-1.mga4 libnspr4-4.10.7-1.mga4 libnspr-devel-4.10.7-1.mga4 nss-3.17.0-1.mga4 nss-doc-3.17.0-1.mga4 libnss3-3.17.0-1.mga4 libnss-devel-3.17.0-1.mga4 libnss-static-devel-3.17.0-1.mga4 firefox-24.8.0-1.mga4 firefox-devel-24.8.0-1.mga4 firefox-af-24.8.0-1.mga4 firefox-ar-24.8.0-1.mga4 firefox-as-24.8.0-1.mga4 firefox-ast-24.8.0-1.mga4 firefox-be-24.8.0-1.mga4 firefox-bg-24.8.0-1.mga4 firefox-bn_IN-24.8.0-1.mga4 firefox-bn_BD-24.8.0-1.mga4 firefox-br-24.8.0-1.mga4 firefox-bs-24.8.0-1.mga4 firefox-ca-24.8.0-1.mga4 firefox-cs-24.8.0-1.mga4 firefox-csb-24.8.0-1.mga4 firefox-cy-24.8.0-1.mga4 firefox-da-24.8.0-1.mga4 firefox-de-24.8.0-1.mga4 firefox-el-24.8.0-1.mga4 firefox-en_GB-24.8.0-1.mga4 firefox-en_ZA-24.8.0-1.mga4 firefox-eo-24.8.0-1.mga4 firefox-es_AR-24.8.0-1.mga4 firefox-es_CL-24.8.0-1.mga4 firefox-es_ES-24.8.0-1.mga4 firefox-es_MX-24.8.0-1.mga4 firefox-et-24.8.0-1.mga4 firefox-eu-24.8.0-1.mga4 firefox-fa-24.8.0-1.mga4 firefox-ff-24.8.0-1.mga4 firefox-fi-24.8.0-1.mga4 firefox-fr-24.8.0-1.mga4 firefox-fy-24.8.0-1.mga4 firefox-ga_IE-24.8.0-1.mga4 firefox-gd-24.8.0-1.mga4 firefox-gl-24.8.0-1.mga4 firefox-gu_IN-24.8.0-1.mga4 firefox-he-24.8.0-1.mga4 firefox-hi-24.8.0-1.mga4 firefox-hr-24.8.0-1.mga4 firefox-hu-24.8.0-1.mga4 firefox-hy-24.8.0-1.mga4 firefox-id-24.8.0-1.mga4 firefox-is-24.8.0-1.mga4 firefox-it-24.8.0-1.mga4 firefox-ja-24.8.0-1.mga4 firefox-kk-24.8.0-1.mga4 firefox-ko-24.8.0-1.mga4 firefox-km-24.8.0-1.mga4 firefox-kn-24.8.0-1.mga4 firefox-ku-24.8.0-1.mga4 firefox-lg-24.8.0-1.mga4 firefox-lij-24.8.0-1.mga4 firefox-lt-24.8.0-1.mga4 firefox-lv-24.8.0-1.mga4 firefox-mai-24.8.0-1.mga4 firefox-mk-24.8.0-1.mga4 firefox-ml-24.8.0-1.mga4 firefox-mr-24.8.0-1.mga4 firefox-nb_NO-24.8.0-1.mga4 firefox-nl-24.8.0-1.mga4 firefox-nn_NO-24.8.0-1.mga4 
firefox-nso-24.8.0-1.mga4 firefox-or-24.8.0-1.mga4 firefox-pa_IN-24.8.0-1.mga4 firefox-pl-24.8.0-1.mga4 firefox-pt_BR-24.8.0-1.mga4 firefox-pt_PT-24.8.0-1.mga4 firefox-ro-24.8.0-1.mga4 firefox-ru-24.8.0-1.mga4 firefox-si-24.8.0-1.mga4 firefox-sk-24.8.0-1.mga4 firefox-sl-24.8.0-1.mga4 firefox-sq-24.8.0-1.mga4 firefox-sr-24.8.0-1.mga4 firefox-sv_SE-24.8.0-1.mga4 firefox-ta-24.8.0-1.mga4 firefox-ta_LK-24.8.0-1.mga4 firefox-te-24.8.0-1.mga4 firefox-th-24.8.0-1.mga4 firefox-tr-24.8.0-1.mga4 firefox-uk-24.8.0-1.mga4 firefox-vi-24.8.0-1.mga4 firefox-zh_CN-24.8.0-1.mga4 firefox-zh_TW-24.8.0-1.mga4 firefox-zu-24.8.0-1.mga4 thunderbird-24.8.0-1.mga4 thunderbird-enigmail-24.8.0-1.mga4 nsinstall-24.8.0-1.mga4 thunderbird-ar-24.8.0-1.mga4 thunderbird-ast-24.8.0-1.mga4 thunderbird-be-24.8.0-1.mga4 thunderbird-bg-24.8.0-1.mga4 thunderbird-bn_BD-24.8.0-1.mga4 thunderbird-br-24.8.0-1.mga4 thunderbird-ca-24.8.0-1.mga4 thunderbird-cs-24.8.0-1.mga4 thunderbird-da-24.8.0-1.mga4 thunderbird-de-24.8.0-1.mga4 thunderbird-el-24.8.0-1.mga4 thunderbird-en_GB-24.8.0-1.mga4 thunderbird-es_AR-24.8.0-1.mga4 thunderbird-es_ES-24.8.0-1.mga4 thunderbird-et-24.8.0-1.mga4 thunderbird-eu-24.8.0-1.mga4 thunderbird-fi-24.8.0-1.mga4 thunderbird-fr-24.8.0-1.mga4 thunderbird-fy-24.8.0-1.mga4 thunderbird-ga-24.8.0-1.mga4 thunderbird-gd-24.8.0-1.mga4 thunderbird-gl-24.8.0-1.mga4 thunderbird-he-24.8.0-1.mga4 thunderbird-hr-24.8.0-1.mga4 thunderbird-hu-24.8.0-1.mga4 thunderbird-hy-24.8.0-1.mga4 thunderbird-id-24.8.0-1.mga4 thunderbird-is-24.8.0-1.mga4 thunderbird-it-24.8.0-1.mga4 thunderbird-ja-24.8.0-1.mga4 thunderbird-ko-24.8.0-1.mga4 thunderbird-lt-24.8.0-1.mga4 thunderbird-nb_NO-24.8.0-1.mga4 thunderbird-nl-24.8.0-1.mga4 thunderbird-nn_NO-24.8.0-1.mga4 thunderbird-pl-24.8.0-1.mga4 thunderbird-pa_IN-24.8.0-1.mga4 thunderbird-pt_BR-24.8.0-1.mga4 thunderbird-pt_PT-24.8.0-1.mga4 thunderbird-ro-24.8.0-1.mga4 thunderbird-ru-24.8.0-1.mga4 thunderbird-si-24.8.0-1.mga4 thunderbird-sk-24.8.0-1.mga4 
thunderbird-sl-24.8.0-1.mga4 thunderbird-sq-24.8.0-1.mga4 thunderbird-sv_SE-24.8.0-1.mga4 thunderbird-ta_LK-24.8.0-1.mga4 thunderbird-tr-24.8.0-1.mga4 thunderbird-uk-24.8.0-1.mga4 thunderbird-vi-24.8.0-1.mga4 thunderbird-zh_CN-24.8.0-1.mga4 thunderbird-zh_TW-24.8.0-1.mga4

from SRPMS:
rootcerts-20140805.00-1.mga3.src.rpm
nspr-4.10.7-1.mga3.src.rpm
nss-3.17.0-1.mga3.src.rpm
firefox-24.8.0-1.mga3.src.rpm
firefox-l10n-24.8.0-1.mga3.src.rpm
thunderbird-24.8.0-1.mga3.src.rpm
thunderbird-l10n-24.8.0-1.mga3.src.rpm
rootcerts-20140805.00-1.mga4.src.rpm
nspr-4.10.7-1.mga4.src.rpm
nss-3.17.0-1.mga4.src.rpm
firefox-24.8.0-1.mga4.src.rpm
firefox-l10n-24.8.0-1.mga4.src.rpm
thunderbird-24.8.0-1.mga4.src.rpm
thunderbird-l10n-24.8.0-1.mga4.src.rpm

Updated packages uploaded for Mageia 3 and Mageia 4.

Details in Comment 0 (formal advisory still pending). Package list in Comment 1.

Assignee: bugsquad => qa-bugs

No exploits listed on Securityfocus.

Testing mga3-64.

Thunderbird: send/receive/move/delete work on IMAP/SMTP
Firefox: General browsing, sunspider javascript, flash (Youtube) all OK.

I'm having an issue with getting java to run, but it's probably a setting on my end, as this is a fresh install. If I don't have any problems with mga4-64, I'll presume that's good to go.

CC: (none) => wrw105

Everything's working fine here Mageia 4 i586 (Java and Flash included) for Firefox and Thunderbird.

You're probably missing icedtea-web, Bill

Claire: already checked that, it's there and enabled. Probably some obscure setting in the bowels of about:config that I'm missing.

Mga4-64 tested as above, all OK including java.

Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok mga3-64-ok

mga3-32: all OK.

Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok

mga3 64 is OK here

Java tested at
https://www.java.com/en/download/installed.jsp
http://javatester.org/version.html

I had to refresh a few times at the 2nd link but it showed properly then.

Thanks Bill and Claire.

Still no update from RedHat. I'm guessing their advisory will read as follows. We can use this and validate it.

Advisory:
========================

Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1562, CVE-2014-1567).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567
https://www.mozilla.org/security/announce/2014/mfsa2014-67.html
https://www.mozilla.org/security/announce/2014/mfsa2014-72.html
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok => MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok mga4-32-ok

Validating. Advisory uploaded.

Could sysadmin please push to 3 & 4 updates?

Thanks

Keywords: (none) => validated_update

David Walser
2014-09-03 19:45:21 CEST
URL: (none) => http://lwn.net/Vulnerabilities/610599/

(In reply to David Walser from comment #10)
> Still no update from RedHat. I'm guessing their
> advisory will read as follows. We can use this and validate it.

Nailed it! :D

If someone wouldn't mind adding these to the references...

https://rhn.redhat.com/errata/RHSA-2014-1144.html
https://rhn.redhat.com/errata/RHSA-2014-1145.html

done

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0372.html

Status: NEW => RESOLVED