Bug 24779

Summary: Firefox 60.6.2 and 66.0.4 fixes issue with expired cert causing extensions to be disabled
Product: Mageia Reporter: David Walser <luigiwalser>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, dieter, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK MGA6-32-OK
Source RPM: firefox CVE:
Status comment:

Description David Walser 2019-05-06 03:50:59 CEST 
Mozilla has issued updates today (May 5) that fix the widespread issue of addons being disabled due to an intermediate signing cert expiring:
https://www.mozilla.org/en-US/firefox/60.6.2/releasenotes/
https://www.mozilla.org/en-US/firefox/66.0.4/releasenotes/
David Walser 2019-05-06 03:51:05 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2019-05-06 04:06:20 CEST 
I've uploaded the 60.6.2 source to updates/6, but the xpi's for firefox-l10n are not available yet.
Comment 2 Thierry Vignaud 2019-05-07 11:07:38 CEST 
They're likely identical if that's the only change like for 66.0.4.
You can just bump firefox-l10n version in that case
Comment 3 David Walser 2019-05-07 13:45:11 CEST 
Thanks Thierry!

Pushing to the build system now, advisory to come later.

Assignee: thierry.vignaud => qa-bugs
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 4 David Walser 2019-05-07 15:51:59 CEST 
Advisory:
----------------------------------------

The firefox package has been updated to version 60.6.2 to fix an issue where
extensions were disabled due to an expired signing certificate.

References:
https://www.mozilla.org/en-US/firefox/60.6.2/releasenotes/
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
firefox-60.6.2-1.mga6
firefox-devel-60.6.2-1.mga6
firefox-af-60.6.2-1.mga6
firefox-an-60.6.2-1.mga6
firefox-ar-60.6.2-1.mga6
firefox-as-60.6.2-1.mga6
firefox-ast-60.6.2-1.mga6
firefox-az-60.6.2-1.mga6
firefox-bg-60.6.2-1.mga6
firefox-bn_IN-60.6.2-1.mga6
firefox-bn_BD-60.6.2-1.mga6
firefox-br-60.6.2-1.mga6
firefox-bs-60.6.2-1.mga6
firefox-ca-60.6.2-1.mga6
firefox-cs-60.6.2-1.mga6
firefox-cy-60.6.2-1.mga6
firefox-da-60.6.2-1.mga6
firefox-de-60.6.2-1.mga6
firefox-el-60.6.2-1.mga6
firefox-en_GB-60.6.2-1.mga6
firefox-en_US-60.6.2-1.mga6
firefox-en_ZA-60.6.2-1.mga6
firefox-eo-60.6.2-1.mga6
firefox-es_AR-60.6.2-1.mga6
firefox-es_CL-60.6.2-1.mga6
firefox-es_ES-60.6.2-1.mga6
firefox-es_MX-60.6.2-1.mga6
firefox-et-60.6.2-1.mga6
firefox-eu-60.6.2-1.mga6
firefox-fa-60.6.2-1.mga6
firefox-ff-60.6.2-1.mga6
firefox-fi-60.6.2-1.mga6
firefox-fr-60.6.2-1.mga6
firefox-fy_NL-60.6.2-1.mga6
firefox-ga_IE-60.6.2-1.mga6
firefox-gd-60.6.2-1.mga6
firefox-gl-60.6.2-1.mga6
firefox-gu_IN-60.6.2-1.mga6
firefox-he-60.6.2-1.mga6
firefox-hi_IN-60.6.2-1.mga6
firefox-hr-60.6.2-1.mga6
firefox-hsb-60.6.2-1.mga6
firefox-hu-60.6.2-1.mga6
firefox-hy_AM-60.6.2-1.mga6
firefox-id-60.6.2-1.mga6
firefox-is-60.6.2-1.mga6
firefox-it-60.6.2-1.mga6
firefox-ja-60.6.2-1.mga6
firefox-kk-60.6.2-1.mga6
firefox-km-60.6.2-1.mga6
firefox-kn-60.6.2-1.mga6
firefox-ko-60.6.2-1.mga6
firefox-lij-60.6.2-1.mga6
firefox-lt-60.6.2-1.mga6
firefox-lv-60.6.2-1.mga6
firefox-mai-60.6.2-1.mga6
firefox-mk-60.6.2-1.mga6
firefox-ml-60.6.2-1.mga6
firefox-mr-60.6.2-1.mga6
firefox-ms-60.6.2-1.mga6
firefox-nb_NO-60.6.2-1.mga6
firefox-nl-60.6.2-1.mga6
firefox-nn_NO-60.6.2-1.mga6
firefox-or-60.6.2-1.mga6
firefox-pa_IN-60.6.2-1.mga6
firefox-pl-60.6.2-1.mga6
firefox-pt_BR-60.6.2-1.mga6
firefox-pt_PT-60.6.2-1.mga6
firefox-ro-60.6.2-1.mga6
firefox-ru-60.6.2-1.mga6
firefox-si-60.6.2-1.mga6
firefox-sk-60.6.2-1.mga6
firefox-sl-60.6.2-1.mga6
firefox-sq-60.6.2-1.mga6
firefox-sr-60.6.2-1.mga6
firefox-sv_SE-60.6.2-1.mga6
firefox-ta-60.6.2-1.mga6
firefox-te-60.6.2-1.mga6
firefox-th-60.6.2-1.mga6
firefox-tr-60.6.2-1.mga6
firefox-uk-60.6.2-1.mga6
firefox-uz-60.6.2-1.mga6
firefox-vi-60.6.2-1.mga6
firefox-xh-60.6.2-1.mga6
firefox-zh_CN-60.6.2-1.mga6
firefox-zh_TW-60.6.2-1.mga6

from SRPMS:
firefox-60.6.2-1.mga6.src.rpm
firefox-l10n-60.6.2-1.mga6.src.rpm
Comment 5 Thomas Andrews 2019-05-07 19:44:30 CEST 
Ran 64-bit Firefox before getting the update, and saw evidence of the issue. Extensions were not disabled because the signature requirement had been disabled, but the one trusted extension I have that isn't verified by Mozilla was carrying a notice that it wasn't verified and I should proceed with caution.

Updated Firefox and the English language packs, and the notice disappeared. Checked out some other sites, and all was OK.

Normally, I would hold back to wait for other languages to be cleared, but going by the information in Comment 2, that shouldn't be necessary this time.

This is OK for 64-bits.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => andrewsfarm

Comment 6 Dave Hodgins 2019-05-07 19:58:52 CEST 
Advisory committed to svn. Validating the update.

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 7 Thomas Andrews 2019-05-07 20:03:24 CEST 
I was checking the 32-bit version, just in case. It's OK, too.

Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK

Comment 8 Mageia Robot 2019-05-07 23:39:10 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2019-0029.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 9 katnatek 2019-05-08 19:50:25 CEST 
Mozilla release another updates about this issue

ESR: https://www.mozilla.org/en-US/firefox/60.6.3/releasenotes/
Regular: https://www.mozilla.org/en-US/firefox/66.0.5/releasenotes/
Comment 10 David Walser 2019-05-09 13:33:29 CEST 
*** Bug 24795 has been marked as a duplicate of this bug. ***

CC: (none) => dieter