RedHat has issued advisories on April 29: https://rhn.redhat.com/errata/RHSA-2014-0448.html https://rhn.redhat.com/errata/RHSA-2014-0449.html Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531). A use-after-free flaw was found in the way Firefox and Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or Thunderbird or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1532). An out-of-bounds read flaw was found in the way Firefox and Thunderbird decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox or Thunderbird to crash (CVE-2014-1523). A flaw was found in the way Firefox and Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks (CVE-2014-1530). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532 http://www.mozilla.org/security/announce/2014/mfsa2014-34.html http://www.mozilla.org/security/announce/2014/mfsa2014-37.html http://www.mozilla.org/security/announce/2014/mfsa2014-38.html http://www.mozilla.org/security/announce/2014/mfsa2014-42.html http://www.mozilla.org/security/announce/2014/mfsa2014-43.html http://www.mozilla.org/security/announce/2014/mfsa2014-44.html http://www.mozilla.org/security/announce/2014/mfsa2014-46.html http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html https://rhn.redhat.com/errata/RHSA-2014-0448.html https://rhn.redhat.com/errata/RHSA-2014-0449.html ======================== Updated packages in core/updates_testing: ======================== firefox-24.5.0-1.mga3 firefox-devel-24.5.0-1.mga3 firefox-af-24.5.0-1.mga3 firefox-ar-24.5.0-1.mga3 firefox-as-24.5.0-1.mga3 firefox-ast-24.5.0-1.mga3 firefox-be-24.5.0-1.mga3 firefox-bg-24.5.0-1.mga3 firefox-bn_IN-24.5.0-1.mga3 firefox-bn_BD-24.5.0-1.mga3 firefox-br-24.5.0-1.mga3 firefox-bs-24.5.0-1.mga3 firefox-ca-24.5.0-1.mga3 firefox-cs-24.5.0-1.mga3 firefox-csb-24.5.0-1.mga3 firefox-cy-24.5.0-1.mga3 firefox-da-24.5.0-1.mga3 firefox-de-24.5.0-1.mga3 firefox-el-24.5.0-1.mga3 firefox-en_GB-24.5.0-1.mga3 firefox-en_ZA-24.5.0-1.mga3 firefox-eo-24.5.0-1.mga3 firefox-es_AR-24.5.0-1.mga3 firefox-es_CL-24.5.0-1.mga3 firefox-es_ES-24.5.0-1.mga3 firefox-es_MX-24.5.0-1.mga3 firefox-et-24.5.0-1.mga3 firefox-eu-24.5.0-1.mga3 firefox-fa-24.5.0-1.mga3 firefox-ff-24.5.0-1.mga3 firefox-fi-24.5.0-1.mga3 firefox-fr-24.5.0-1.mga3 firefox-fy-24.5.0-1.mga3 firefox-ga_IE-24.5.0-1.mga3 firefox-gd-24.5.0-1.mga3 firefox-gl-24.5.0-1.mga3 firefox-gu_IN-24.5.0-1.mga3 firefox-he-24.5.0-1.mga3 firefox-hi-24.5.0-1.mga3 firefox-hr-24.5.0-1.mga3 firefox-hu-24.5.0-1.mga3 firefox-hy-24.5.0-1.mga3 firefox-id-24.5.0-1.mga3 firefox-is-24.5.0-1.mga3 firefox-it-24.5.0-1.mga3 firefox-ja-24.5.0-1.mga3 firefox-kk-24.5.0-1.mga3 firefox-ko-24.5.0-1.mga3 firefox-km-24.5.0-1.mga3 firefox-kn-24.5.0-1.mga3 firefox-ku-24.5.0-1.mga3 firefox-lg-24.5.0-1.mga3 firefox-lij-24.5.0-1.mga3 firefox-lt-24.5.0-1.mga3 firefox-lv-24.5.0-1.mga3 firefox-mai-24.5.0-1.mga3 firefox-mk-24.5.0-1.mga3 firefox-ml-24.5.0-1.mga3 firefox-mr-24.5.0-1.mga3 firefox-nb_NO-24.5.0-1.mga3 firefox-nl-24.5.0-1.mga3 firefox-nn_NO-24.5.0-1.mga3 firefox-nso-24.5.0-1.mga3 firefox-or-24.5.0-1.mga3 firefox-pa_IN-24.5.0-1.mga3 firefox-pl-24.5.0-1.mga3 firefox-pt_BR-24.5.0-1.mga3 firefox-pt_PT-24.5.0-1.mga3 firefox-ro-24.5.0-1.mga3 firefox-ru-24.5.0-1.mga3 firefox-si-24.5.0-1.mga3 firefox-sk-24.5.0-1.mga3 firefox-sl-24.5.0-1.mga3 firefox-sq-24.5.0-1.mga3 firefox-sr-24.5.0-1.mga3 firefox-sv_SE-24.5.0-1.mga3 firefox-ta-24.5.0-1.mga3 firefox-ta_LK-24.5.0-1.mga3 firefox-te-24.5.0-1.mga3 firefox-th-24.5.0-1.mga3 firefox-tr-24.5.0-1.mga3 firefox-uk-24.5.0-1.mga3 firefox-vi-24.5.0-1.mga3 firefox-zh_CN-24.5.0-1.mga3 firefox-zh_TW-24.5.0-1.mga3 firefox-zu-24.5.0-1.mga3 thunderbird-24.5.0-1.mga3 thunderbird-enigmail-24.5.0-1.mga3 nsinstall-24.5.0-1.mga3 thunderbird-ar-24.5.0-1.mga3 thunderbird-ast-24.5.0-1.mga3 thunderbird-be-24.5.0-1.mga3 thunderbird-bg-24.5.0-1.mga3 thunderbird-bn_BD-24.5.0-1.mga3 thunderbird-br-24.5.0-1.mga3 thunderbird-ca-24.5.0-1.mga3 thunderbird-cs-24.5.0-1.mga3 thunderbird-da-24.5.0-1.mga3 thunderbird-de-24.5.0-1.mga3 thunderbird-el-24.5.0-1.mga3 thunderbird-en_GB-24.5.0-1.mga3 thunderbird-es_AR-24.5.0-1.mga3 thunderbird-es_ES-24.5.0-1.mga3 thunderbird-et-24.5.0-1.mga3 thunderbird-eu-24.5.0-1.mga3 thunderbird-fi-24.5.0-1.mga3 thunderbird-fr-24.5.0-1.mga3 thunderbird-fy-24.5.0-1.mga3 thunderbird-ga-24.5.0-1.mga3 thunderbird-gd-24.5.0-1.mga3 thunderbird-gl-24.5.0-1.mga3 thunderbird-he-24.5.0-1.mga3 thunderbird-hr-24.5.0-1.mga3 thunderbird-hu-24.5.0-1.mga3 thunderbird-hy-24.5.0-1.mga3 thunderbird-id-24.5.0-1.mga3 thunderbird-is-24.5.0-1.mga3 thunderbird-it-24.5.0-1.mga3 thunderbird-ja-24.5.0-1.mga3 thunderbird-ko-24.5.0-1.mga3 thunderbird-lt-24.5.0-1.mga3 thunderbird-nb_NO-24.5.0-1.mga3 thunderbird-nl-24.5.0-1.mga3 thunderbird-nn_NO-24.5.0-1.mga3 thunderbird-pl-24.5.0-1.mga3 thunderbird-pa_IN-24.5.0-1.mga3 thunderbird-pt_BR-24.5.0-1.mga3 thunderbird-pt_PT-24.5.0-1.mga3 thunderbird-ro-24.5.0-1.mga3 thunderbird-ru-24.5.0-1.mga3 thunderbird-si-24.5.0-1.mga3 thunderbird-sk-24.5.0-1.mga3 thunderbird-sl-24.5.0-1.mga3 thunderbird-sq-24.5.0-1.mga3 thunderbird-sv_SE-24.5.0-1.mga3 thunderbird-ta_LK-24.5.0-1.mga3 thunderbird-tr-24.5.0-1.mga3 thunderbird-uk-24.5.0-1.mga3 thunderbird-vi-24.5.0-1.mga3 thunderbird-zh_CN-24.5.0-1.mga3 thunderbird-zh_TW-24.5.0-1.mga3 firefox-24.5.0-1.mga4 firefox-devel-24.5.0-1.mga4 firefox-af-24.5.0-1.mga4 firefox-ar-24.5.0-1.mga4 firefox-as-24.5.0-1.mga4 firefox-ast-24.5.0-1.mga4 firefox-be-24.5.0-1.mga4 firefox-bg-24.5.0-1.mga4 firefox-bn_IN-24.5.0-1.mga4 firefox-bn_BD-24.5.0-1.mga4 firefox-br-24.5.0-1.mga4 firefox-bs-24.5.0-1.mga4 firefox-ca-24.5.0-1.mga4 firefox-cs-24.5.0-1.mga4 firefox-csb-24.5.0-1.mga4 firefox-cy-24.5.0-1.mga4 firefox-da-24.5.0-1.mga4 firefox-de-24.5.0-1.mga4 firefox-el-24.5.0-1.mga4 firefox-en_GB-24.5.0-1.mga4 firefox-en_ZA-24.5.0-1.mga4 firefox-eo-24.5.0-1.mga4 firefox-es_AR-24.5.0-1.mga4 firefox-es_CL-24.5.0-1.mga4 firefox-es_ES-24.5.0-1.mga4 firefox-es_MX-24.5.0-1.mga4 firefox-et-24.5.0-1.mga4 firefox-eu-24.5.0-1.mga4 firefox-fa-24.5.0-1.mga4 firefox-ff-24.5.0-1.mga4 firefox-fi-24.5.0-1.mga4 firefox-fr-24.5.0-1.mga4 firefox-fy-24.5.0-1.mga4 firefox-ga_IE-24.5.0-1.mga4 firefox-gd-24.5.0-1.mga4 firefox-gl-24.5.0-1.mga4 firefox-gu_IN-24.5.0-1.mga4 firefox-he-24.5.0-1.mga4 firefox-hi-24.5.0-1.mga4 firefox-hr-24.5.0-1.mga4 firefox-hu-24.5.0-1.mga4 firefox-hy-24.5.0-1.mga4 firefox-id-24.5.0-1.mga4 firefox-is-24.5.0-1.mga4 firefox-it-24.5.0-1.mga4 firefox-ja-24.5.0-1.mga4 firefox-kk-24.5.0-1.mga4 firefox-ko-24.5.0-1.mga4 firefox-km-24.5.0-1.mga4 firefox-kn-24.5.0-1.mga4 firefox-ku-24.5.0-1.mga4 firefox-lg-24.5.0-1.mga4 firefox-lij-24.5.0-1.mga4 firefox-lt-24.5.0-1.mga4 firefox-lv-24.5.0-1.mga4 firefox-mai-24.5.0-1.mga4 firefox-mk-24.5.0-1.mga4 firefox-ml-24.5.0-1.mga4 firefox-mr-24.5.0-1.mga4 firefox-nb_NO-24.5.0-1.mga4 firefox-nl-24.5.0-1.mga4 firefox-nn_NO-24.5.0-1.mga4 firefox-nso-24.5.0-1.mga4 firefox-or-24.5.0-1.mga4 firefox-pa_IN-24.5.0-1.mga4 firefox-pl-24.5.0-1.mga4 firefox-pt_BR-24.5.0-1.mga4 firefox-pt_PT-24.5.0-1.mga4 firefox-ro-24.5.0-1.mga4 firefox-ru-24.5.0-1.mga4 firefox-si-24.5.0-1.mga4 firefox-sk-24.5.0-1.mga4 firefox-sl-24.5.0-1.mga4 firefox-sq-24.5.0-1.mga4 firefox-sr-24.5.0-1.mga4 firefox-sv_SE-24.5.0-1.mga4 firefox-ta-24.5.0-1.mga4 firefox-ta_LK-24.5.0-1.mga4 firefox-te-24.5.0-1.mga4 firefox-th-24.5.0-1.mga4 firefox-tr-24.5.0-1.mga4 firefox-uk-24.5.0-1.mga4 firefox-vi-24.5.0-1.mga4 firefox-zh_CN-24.5.0-1.mga4 firefox-zh_TW-24.5.0-1.mga4 firefox-zu-24.5.0-1.mga4 thunderbird-24.5.0-1.mga4 thunderbird-enigmail-24.5.0-1.mga4 nsinstall-24.5.0-1.mga4 thunderbird-ar-24.5.0-1.mga4 thunderbird-ast-24.5.0-1.mga4 thunderbird-be-24.5.0-1.mga4 thunderbird-bg-24.5.0-1.mga4 thunderbird-bn_BD-24.5.0-1.mga4 thunderbird-br-24.5.0-1.mga4 thunderbird-ca-24.5.0-1.mga4 thunderbird-cs-24.5.0-1.mga4 thunderbird-da-24.5.0-1.mga4 thunderbird-de-24.5.0-1.mga4 thunderbird-el-24.5.0-1.mga4 thunderbird-en_GB-24.5.0-1.mga4 thunderbird-es_AR-24.5.0-1.mga4 thunderbird-es_ES-24.5.0-1.mga4 thunderbird-et-24.5.0-1.mga4 thunderbird-eu-24.5.0-1.mga4 thunderbird-fi-24.5.0-1.mga4 thunderbird-fr-24.5.0-1.mga4 thunderbird-fy-24.5.0-1.mga4 thunderbird-ga-24.5.0-1.mga4 thunderbird-gd-24.5.0-1.mga4 thunderbird-gl-24.5.0-1.mga4 thunderbird-he-24.5.0-1.mga4 thunderbird-hr-24.5.0-1.mga4 thunderbird-hu-24.5.0-1.mga4 thunderbird-hy-24.5.0-1.mga4 thunderbird-id-24.5.0-1.mga4 thunderbird-is-24.5.0-1.mga4 thunderbird-it-24.5.0-1.mga4 thunderbird-ja-24.5.0-1.mga4 thunderbird-ko-24.5.0-1.mga4 thunderbird-lt-24.5.0-1.mga4 thunderbird-nb_NO-24.5.0-1.mga4 thunderbird-nl-24.5.0-1.mga4 thunderbird-nn_NO-24.5.0-1.mga4 thunderbird-pl-24.5.0-1.mga4 thunderbird-pa_IN-24.5.0-1.mga4 thunderbird-pt_BR-24.5.0-1.mga4 thunderbird-pt_PT-24.5.0-1.mga4 thunderbird-ro-24.5.0-1.mga4 thunderbird-ru-24.5.0-1.mga4 thunderbird-si-24.5.0-1.mga4 thunderbird-sk-24.5.0-1.mga4 thunderbird-sl-24.5.0-1.mga4 thunderbird-sq-24.5.0-1.mga4 thunderbird-sv_SE-24.5.0-1.mga4 thunderbird-ta_LK-24.5.0-1.mga4 thunderbird-tr-24.5.0-1.mga4 thunderbird-uk-24.5.0-1.mga4 thunderbird-vi-24.5.0-1.mga4 thunderbird-zh_CN-24.5.0-1.mga4 thunderbird-zh_TW-24.5.0-1.mga4 from SRPMS: firefox-24.5.0-1.mga3.src.rpm firefox-l10n-24.5.0-1.mga3.src.rpm thunderbird-24.5.0-1.mga3.src.rpm thunderbird-l10n-24.5.0-1.mga3.src.rpm firefox-24.5.0-1.mga4.src.rpm firefox-l10n-24.5.0-1.mga4.src.rpm thunderbird-24.5.0-1.mga4.src.rpm thunderbird-l10n-24.5.0-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Usual tests, mga4-64 Firefox: general browsing, sunspider for javascript, javatester.org version to test java plugin, acid3, youtube for flash, all OK. Thunderbird: send/receive/move/delete mail on imap/smtp all OK.
CC: (none) => wrw105Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok
tested mga3-64 as above, all OK. If nobody beats me to them, I'll take a look at the 32-bits when I get home from work tomorrow, some time after the meeting.
Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok
I did the same tests as you did, Bill on mga4-32. Perfectly working for me.
CC: (none) => filorin.mageiaWhiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok
Thanks for the hand, Guillame! Tested mga3-32 as above, all OK. We just need the advisory uploaded to svn for validation.
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok => MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok
Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok => MGA3TOO has_procedure advisory mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0201.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED