| Summary: | firefox new security issue CVE-2017-7843 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | davidwhodgins, jim, marja11, nicolas.salguero, sysadmin-bugs, tarazed25, wilcal.int |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA5TOO MGA5-64-OK MGA5-32-OK MGA6-64-OK MGA6-32-OK | | |
| Source RPM: | firefox, firefox-l10n | CVE: | CVE-2017-7843 |
| Status comment: | | | |
|
Description
David Walser
2017-12-05 13:28:38 CET
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC:
(none) =>
marja11

Firefox 52.5.2 released also correcting CVE-2017-7845

Assignee:
pkg-bugs =>
nicolas.salguero

I did not see that CVE-2017-7845 only affects Windows.

Summary:
firefox new security issues CVE-2017-7843, CVE-2017-7845 =>
firefox new security issue CVE-2017-7843
Nicolas Salguero
2017-12-08 10:01:33 CET
Source RPM:
firefox =>
firefox, firefox-l10n

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Web worker in Private Browsing mode can write IndexedDB data. (CVE-2017-7843)

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7843
========================

Updated packages in 5/core/updates_testing:
========================
firefox-52.5.2-1.mga5
firefox-devel-52.5.2-1.mga5
firefox-af-52.5.2-1.mga5
firefox-an-52.5.2-1.mga5
firefox-ar-52.5.2-1.mga5
firefox-as-52.5.2-1.mga5
firefox-ast-52.5.2-1.mga5
firefox-az-52.5.2-1.mga5
firefox-bg-52.5.2-1.mga5
firefox-bn_IN-52.5.2-1.mga5
firefox-bn_BD-52.5.2-1.mga5
firefox-br-52.5.2-1.mga5
firefox-bs-52.5.2-1.mga5
firefox-ca-52.5.2-1.mga5
firefox-cs-52.5.2-1.mga5
firefox-cy-52.5.2-1.mga5
firefox-da-52.5.2-1.mga5
firefox-de-52.5.2-1.mga5
firefox-el-52.5.2-1.mga5
firefox-en_GB-52.5.2-1.mga5
firefox-en_US-52.5.2-1.mga5
firefox-en_ZA-52.5.2-1.mga5
firefox-eo-52.5.2-1.mga5
firefox-es_AR-52.5.2-1.mga5
firefox-es_CL-52.5.2-1.mga5
firefox-es_ES-52.5.2-1.mga5
firefox-es_MX-52.5.2-1.mga5
firefox-et-52.5.2-1.mga5
firefox-eu-52.5.2-1.mga5
firefox-fa-52.5.2-1.mga5
firefox-ff-52.5.2-1.mga5
firefox-fi-52.5.2-1.mga5
firefox-fr-52.5.2-1.mga5
firefox-fy_NL-52.5.2-1.mga5
firefox-ga_IE-52.5.2-1.mga5
firefox-gd-52.5.2-1.mga5
firefox-gl-52.5.2-1.mga5
firefox-gu_IN-52.5.2-1.mga5
firefox-he-52.5.2-1.mga5
firefox-hi_IN-52.5.2-1.mga5
firefox-hr-52.5.2-1.mga5
firefox-hsb-52.5.2-1.mga5
firefox-hu-52.5.2-1.mga5
firefox-hy_AM-52.5.2-1.mga5
firefox-id-52.5.2-1.mga5
firefox-is-52.5.2-1.mga5
firefox-it-52.5.2-1.mga5
firefox-ja-52.5.2-1.mga5
firefox-kk-52.5.2-1.mga5
firefox-km-52.5.2-1.mga5
firefox-kn-52.5.2-1.mga5
firefox-ko-52.5.2-1.mga5
firefox-lij-52.5.2-1.mga5
firefox-lt-52.5.2-1.mga5
firefox-lv-52.5.2-1.mga5
firefox-mai-52.5.2-1.mga5
firefox-mk-52.5.2-1.mga5
firefox-ml-52.5.2-1.mga5
firefox-mr-52.5.2-1.mga5
firefox-ms-52.5.2-1.mga5
firefox-nb_NO-52.5.2-1.mga5
firefox-nl-52.5.2-1.mga5
firefox-nn_NO-52.5.2-1.mga5
firefox-or-52.5.2-1.mga5
firefox-pa_IN-52.5.2-1.mga5
firefox-pl-52.5.2-1.mga5
firefox-pt_BR-52.5.2-1.mga5
firefox-pt_PT-52.5.2-1.mga5
firefox-ro-52.5.2-1.mga5
firefox-ru-52.5.2-1.mga5
firefox-si-52.5.2-1.mga5
firefox-sk-52.5.2-1.mga5
firefox-sl-52.5.2-1.mga5
firefox-sq-52.5.2-1.mga5
firefox-sr-52.5.2-1.mga5
firefox-sv_SE-52.5.2-1.mga5
firefox-ta-52.5.2-1.mga5
firefox-te-52.5.2-1.mga5
firefox-th-52.5.2-1.mga5
firefox-tr-52.5.2-1.mga5
firefox-uk-52.5.2-1.mga5
firefox-uz-52.5.2-1.mga5
firefox-vi-52.5.2-1.mga5
firefox-xh-52.5.2-1.mga5
firefox-zh_CN-52.5.2-1.mga5
firefox-zh_TW-52.5.2-1.mga5

from SRPMS:
firefox-52.5.2-1.mga5.src.rpm
firefox-l10n-52.5.2-1.mga5.src.rpm

Updated packages in 6/core/updates_testing:
========================
firefox-52.5.2-1.mga6
firefox-devel-52.5.2-1.mga6
firefox-af-52.5.2-1.mga6
firefox-an-52.5.2-1.mga6
firefox-ar-52.5.2-1.mga6
firefox-as-52.5.2-1.mga6
firefox-ast-52.5.2-1.mga6
firefox-az-52.5.2-1.mga6
firefox-bg-52.5.2-1.mga6
firefox-bn_IN-52.5.2-1.mga6
firefox-bn_BD-52.5.2-1.mga6
firefox-br-52.5.2-1.mga6
firefox-bs-52.5.2-1.mga6
firefox-ca-52.5.2-1.mga6
firefox-cs-52.5.2-1.mga6
firefox-cy-52.5.2-1.mga6
firefox-da-52.5.2-1.mga6
firefox-de-52.5.2-1.mga6
firefox-el-52.5.2-1.mga6
firefox-en_GB-52.5.2-1.mga6
firefox-en_US-52.5.2-1.mga6
firefox-en_ZA-52.5.2-1.mga6
firefox-eo-52.5.2-1.mga6
firefox-es_AR-52.5.2-1.mga6
firefox-es_CL-52.5.2-1.mga6
firefox-es_ES-52.5.2-1.mga6
firefox-es_MX-52.5.2-1.mga6
firefox-et-52.5.2-1.mga6
firefox-eu-52.5.2-1.mga6
firefox-fa-52.5.2-1.mga6
firefox-ff-52.5.2-1.mga6
firefox-fi-52.5.2-1.mga6
firefox-fr-52.5.2-1.mga6
firefox-fy_NL-52.5.2-1.mga6
firefox-ga_IE-52.5.2-1.mga6
firefox-gd-52.5.2-1.mga6
firefox-gl-52.5.2-1.mga6
firefox-gu_IN-52.5.2-1.mga6
firefox-he-52.5.2-1.mga6
firefox-hi_IN-52.5.2-1.mga6
firefox-hr-52.5.2-1.mga6
firefox-hsb-52.5.2-1.mga6
firefox-hu-52.5.2-1.mga6
firefox-hy_AM-52.5.2-1.mga6
firefox-id-52.5.2-1.mga6
firefox-is-52.5.2-1.mga6
firefox-it-52.5.2-1.mga6
firefox-ja-52.5.2-1.mga6
firefox-kk-52.5.2-1.mga6
firefox-km-52.5.2-1.mga6
firefox-kn-52.5.2-1.mga6
firefox-ko-52.5.2-1.mga6
firefox-lij-52.5.2-1.mga6
firefox-lt-52.5.2-1.mga6
firefox-lv-52.5.2-1.mga6
firefox-mai-52.5.2-1.mga6
firefox-mk-52.5.2-1.mga6
firefox-ml-52.5.2-1.mga6
firefox-mr-52.5.2-1.mga6
firefox-ms-52.5.2-1.mga6
firefox-nb_NO-52.5.2-1.mga6
firefox-nl-52.5.2-1.mga6
firefox-nn_NO-52.5.2-1.mga6
firefox-or-52.5.2-1.mga6
firefox-pa_IN-52.5.2-1.mga6
firefox-pl-52.5.2-1.mga6
firefox-pt_BR-52.5.2-1.mga6
firefox-pt_PT-52.5.2-1.mga6
firefox-ro-52.5.2-1.mga6
firefox-ru-52.5.2-1.mga6
firefox-si-52.5.2-1.mga6
firefox-sk-52.5.2-1.mga6
firefox-sl-52.5.2-1.mga6
firefox-sq-52.5.2-1.mga6
firefox-sr-52.5.2-1.mga6
firefox-sv_SE-52.5.2-1.mga6
firefox-ta-52.5.2-1.mga6
firefox-te-52.5.2-1.mga6
firefox-th-52.5.2-1.mga6
firefox-tr-52.5.2-1.mga6
firefox-uk-52.5.2-1.mga6
firefox-uz-52.5.2-1.mga6
firefox-vi-52.5.2-1.mga6
firefox-xh-52.5.2-1.mga6
firefox-zh_CN-52.5.2-1.mga6
firefox-zh_TW-52.5.2-1.mga6

from SRPMS:
firefox-52.5.2-1.mga6.src.rpm
firefox-l10n-52.5.2-1.mga6.src.rpm

Status:
NEW =>
ASSIGNED

In VirtualBox, M6, Plasma, 64-bit

Package(s) under test:
firefox firefox-en_US firefox-en_GB

default install of firefox firefox-en_US & firefox-en_GB

[root@localhost wilcal]# urpmi firefox
Package firefox-52.5.0-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi firefox-en_US
Package firefox-en_US-52.5.0-1.mga6.noarch is already installed
[root@localhost wilcal]# urpmi firefox-en_GB
Package firefox-en_GB-52.5.0-1.mga6.noarch is already installed

Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com works fine.
http://www.webstandards.org/files/acid2/test.html#top test ok
http://acid3.acidtests.org/ test ok

install firefox firefox-en_US & firefox-en_GB from updates_testing

[root@localhost wilcal]# urpmi firefox
Package firefox-52.5.2-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi firefox-en_US
Package firefox-en_US-52.5.2-1.mga6.noarch is already installed
[root@localhost wilcal]# urpmi firefox-en_GB
Package firefox-en_GB-52.5.2-1.mga6.noarch is already installed

Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com does work.
http://www.webstandards.org/files/acid2/test.html#top test ok
http://acid3.acidtests.org/ test ok

CC:
(none) =>
wilcal.int

In VirtualBox, M6, Plasma, 32-bit

Package(s) under test:
firefox firefox-en_US firefox-en_GB

default install of firefox firefox-en_US & firefox-en_GB

[root@localhost wilcal]# urpmi firefox
Package firefox-52.5.0-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi firefox-en_US
Package firefox-en_US-52.5.0-1.mga6.noarch is already installed
[root@localhost wilcal]# urpmi firefox-en_GB
Package firefox-en_GB-52.5.0-1.mga6.noarch is already installed

Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com works fine.
http://www.webstandards.org/files/acid2/test.html#top test ok
http://acid3.acidtests.org/ test ok

install firefox firefox-en_US & firefox-en_GB from updates_testing

[root@localhost wilcal]# urpmi firefox
Package firefox-52.5.2-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi firefox-en_US
Package firefox-en_US-52.5.2-1.mga6.noarch is already installed
[root@localhost wilcal]# urpmi firefox-en_GB
Package firefox-en_GB-52.5.2-1.mga6.noarch is already installed

Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com does work.
http://www.webstandards.org/files/acid2/test.html#top test ok
http://acid3.acidtests.org/ test ok

Updated this on Mageia 6 for x86_64, with en_US and en_GB language packs.
Relaunched firefox. help -> about firefox reported 52.5.2.
Bookmarks and menus OK. Checked installed extensions through tools menu.
Visited a few astronomical sites, Radio Times, madb, Youtube. All working as before.
Found the Weather Underground via the search field.
Borrowed wilcal's acid2 and acid3 links. Working fine.

$ firefox file:///home/lcl/Downloads

That provided access to a user directory and files could be examined, as text with selected application, or images or linked through html or run as cgi.
All good.

Whiteboard:
MGA5TOO =>
MGA5TOO

on mga6-64

packages installed cleanly:
- firefox-52.5.2-1.mga6.x86_64
- firefox-en_GB-52.5.2-1.mga6.noarch

firefox-sync OK
Tested on several web sites
video and streaming video OK
no regressions noted

OK on mga6-64

CC:
(none) =>
jim

Don't forget to add the mga5-64-ok tag etc, after testing.

Validating the update.

Whiteboard:
MGA5TOO =>
MGA5TOO MGA5-64-OK MGA5-32-OK MGA6-64-OK MGA6-32-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0448.html

Status:
ASSIGNED =>
RESOLVED |