Bug 24976

Suggested advisory:
========================

The updated packages fix a security vulnerability that's being exploited in the wild:

Type confusion in Array.pop. (CVE-2019-11707)

References:
https://www.mozilla.org/en-US/firefox/60.7.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707
========================

Updated packages in core/updates_testing:
========================
firefox-60.7.1-1.mga6
firefox-devel-60.7.1-1.mga6
firefox-af-60.7.1-1.mga6
firefox-an-60.7.1-1.mga6
firefox-ar-60.7.1-1.mga6
firefox-as-60.7.1-1.mga6
firefox-ast-60.7.1-1.mga6
firefox-az-60.7.1-1.mga6
firefox-bg-60.7.1-1.mga6
firefox-bn_IN-60.7.1-1.mga6
firefox-bn_BD-60.7.1-1.mga6
firefox-br-60.7.1-1.mga6
firefox-bs-60.7.1-1.mga6
firefox-ca-60.7.1-1.mga6
firefox-cs-60.7.1-1.mga6
firefox-cy-60.7.1-1.mga6
firefox-da-60.7.1-1.mga6
firefox-de-60.7.1-1.mga6
firefox-el-60.7.1-1.mga6
firefox-en_GB-60.7.1-1.mga6
firefox-en_US-60.7.1-1.mga6
firefox-en_ZA-60.7.1-1.mga6
firefox-eo-60.7.1-1.mga6
firefox-es_AR-60.7.1-1.mga6 
firefox-es_CL-60.7.1-1.mga6 
firefox-es_ES-60.7.1-1.mga6 
firefox-es_MX-60.7.1-1.mga6 
firefox-et-60.7.1-1.mga6 
firefox-eu-60.7.1-1.mga6 
firefox-fa-60.7.1-1.mga6 
firefox-ff-60.7.1-1.mga6 
firefox-fi-60.7.1-1.mga6 
firefox-fr-60.7.1-1.mga6 
firefox-fy_NL-60.7.1-1.mga6 
firefox-ga_IE-60.7.1-1.mga6 
firefox-gd-60.7.1-1.mga6 
firefox-gl-60.7.1-1.mga6 
firefox-gu_IN-60.7.1-1.mga6 
firefox-he-60.7.1-1.mga6 
firefox-hi_IN-60.7.1-1.mga6
firefox-hr-60.7.1-1.mga6 
firefox-hsb-60.7.1-1.mga6 
firefox-hu-60.7.1-1.mga6 
firefox-hy_AM-60.7.1-1.mga6 
firefox-id-60.7.1-1.mga6 
firefox-is-60.7.1-1.mga6 
firefox-it-60.7.1-1.mga6 
firefox-ja-60.7.1-1.mga6 
firefox-kk-60.7.1-1.mga6 
firefox-km-60.7.1-1.mga6 
firefox-kn-60.7.1-1.mga6 
firefox-ko-60.7.1-1.mga6 
firefox-lij-60.7.1-1.mga6 
firefox-lt-60.7.1-1.mga6 
firefox-lv-60.7.1-1.mga6 
firefox-mai-60.7.1-1.mga6 
firefox-mk-60.7.1-1.mga6 
firefox-ml-60.7.1-1.mga6 
firefox-mr-60.7.1-1.mga6 
firefox-ms-60.7.1-1.mga6 
firefox-nb_NO-60.7.1-1.mga6 
firefox-nl-60.7.1-1.mga6 
firefox-nn_NO-60.7.1-1.mga6 
firefox-or-60.7.1-1.mga6 
firefox-pa_IN-60.7.1-1.mga6 
firefox-pl-60.7.1-1.mga6 
firefox-pt_BR-60.7.1-1.mga6 
firefox-pt_PT-60.7.1-1.mga6 
firefox-ro-60.7.1-1.mga6 
firefox-ru-60.7.1-1.mga6 
firefox-si-60.7.1-1.mga6 
firefox-sk-60.7.1-1.mga6 
firefox-sl-60.7.1-1.mga6 
firefox-sq-60.7.1-1.mga6 
firefox-sr-60.7.1-1.mga6 
firefox-sv_SE-60.7.1-1.mga6 
firefox-ta-60.7.1-1.mga6 
firefox-te-60.7.1-1.mga6 
firefox-th-60.7.1-1.mga6 
firefox-tr-60.7.1-1.mga6 
firefox-uk-60.7.1-1.mga6 
firefox-uz-60.7.1-1.mga6 
firefox-vi-60.7.1-1.mga6 
firefox-xh-60.7.1-1.mga6 
firefox-zh_CN-60.7.1-1.mga6 
firefox-zh_TW-60.7.1-1.mga6

from SRPMS:
firefox-60.7.1-1.mga6.src.rpm
firefox-l10n-60.7.1-1.mga6.src.rpm

Source RPM: firefox => firefox, firefox-l10n
CVE: (none) => CVE-2019-11707
Version: Cauldron => 6
Assignee: thierry.vignaud => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA7TOO, MGA6TOO => (none)
CC: (none) => nicolas.salguero

on mga6-64 plasma

packages installed cleanly:
- firefox-60.7.1-1.mga6.x86_64
- firefox-en_GB-60.7.1-1.mga6.noarch

no regressions observed 
looks OK for mga6-64 on this system:

Machine:   Device: desktop System: Dell product: Precision Tower 3620
           Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.12.0
CPU:       Quad core Intel Core i7-6700 (-HT-MCP-)
Graphics:  Card: Intel HD Graphics 530

CC: (none) => jim

On mga6-32 Plasma, using the server kernel

Packages installed cleanly, no issues observed.

HP Probook 6550b, i3, 8GB, Intel graphics, Intel wifi.

Looks OK for 32-bit here.

Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
CC: (none) => andrewsfarm

Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0198.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED