Mozilla has issued advisories today (February 24):
https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/

Corresponding to these CVEs that affect ESR:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836

These were just posted here:
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/

There is no rootcerts update, but newer nspr (4.10.8) and nss (3.17.4) versions are also available.

RedHat has issued an advisory for this today:
https://rhn.redhat.com/errata/RHSA-2015-0265.html

I'll add their Thunderbird advisory when it is available.

Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827).

An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file (CVE-2015-0822).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
https://rhn.redhat.com/errata/RHSA-2015-0265.html
========================

Updated packages in core/updates_testing:
========================
libnspr4-4.10.8-1.mga4 libnspr-devel-4.10.8-1.mga4 nss-3.17.4-1.mga4 nss-doc-3.17.4-1.mga4 libnss3-3.17.4-1.mga4 libnss-devel-3.17.4-1.mga4 libnss-static-devel-3.17.4-1.mga4 firefox-31.5.0-1.mga4 firefox-devel-31.5.0-1.mga4 firefox-af-31.5.0-1.mga4 firefox-ar-31.5.0-1.mga4 firefox-as-31.5.0-1.mga4 firefox-ast-31.5.0-1.mga4 firefox-be-31.5.0-1.mga4 firefox-bg-31.5.0-1.mga4 firefox-bn_IN-31.5.0-1.mga4 firefox-bn_BD-31.5.0-1.mga4 firefox-br-31.5.0-1.mga4 firefox-bs-31.5.0-1.mga4 firefox-ca-31.5.0-1.mga4 firefox-cs-31.5.0-1.mga4 firefox-csb-31.5.0-1.mga4 firefox-cy-31.5.0-1.mga4 firefox-da-31.5.0-1.mga4 firefox-de-31.5.0-1.mga4 firefox-el-31.5.0-1.mga4 firefox-en_GB-31.5.0-1.mga4 firefox-en_ZA-31.5.0-1.mga4 firefox-eo-31.5.0-1.mga4 firefox-es_AR-31.5.0-1.mga4 firefox-es_CL-31.5.0-1.mga4 firefox-es_ES-31.5.0-1.mga4 firefox-es_MX-31.5.0-1.mga4 firefox-et-31.5.0-1.mga4 firefox-eu-31.5.0-1.mga4 firefox-fa-31.5.0-1.mga4 firefox-ff-31.5.0-1.mga4 firefox-fi-31.5.0-1.mga4 firefox-fr-31.5.0-1.mga4 firefox-fy-31.5.0-1.mga4 firefox-ga_IE-31.5.0-1.mga4 firefox-gd-31.5.0-1.mga4 firefox-gl-31.5.0-1.mga4 firefox-gu_IN-31.5.0-1.mga4 firefox-he-31.5.0-1.mga4 firefox-hi-31.5.0-1.mga4 firefox-hr-31.5.0-1.mga4 
firefox-hu-31.5.0-1.mga4 firefox-hy-31.5.0-1.mga4 firefox-id-31.5.0-1.mga4 firefox-is-31.5.0-1.mga4 firefox-it-31.5.0-1.mga4 firefox-ja-31.5.0-1.mga4 firefox-kk-31.5.0-1.mga4 firefox-ko-31.5.0-1.mga4 firefox-km-31.5.0-1.mga4 firefox-kn-31.5.0-1.mga4 firefox-ku-31.5.0-1.mga4 firefox-lij-31.5.0-1.mga4 firefox-lt-31.5.0-1.mga4 firefox-lv-31.5.0-1.mga4 firefox-mai-31.5.0-1.mga4 firefox-mk-31.5.0-1.mga4 firefox-ml-31.5.0-1.mga4 firefox-mr-31.5.0-1.mga4 firefox-nb_NO-31.5.0-1.mga4 firefox-nl-31.5.0-1.mga4 firefox-nn_NO-31.5.0-1.mga4 firefox-or-31.5.0-1.mga4 firefox-pa_IN-31.5.0-1.mga4 firefox-pl-31.5.0-1.mga4 firefox-pt_BR-31.5.0-1.mga4 firefox-pt_PT-31.5.0-1.mga4 firefox-ro-31.5.0-1.mga4 firefox-ru-31.5.0-1.mga4 firefox-si-31.5.0-1.mga4 firefox-sk-31.5.0-1.mga4 firefox-sl-31.5.0-1.mga4 firefox-sq-31.5.0-1.mga4 firefox-sr-31.5.0-1.mga4 firefox-sv_SE-31.5.0-1.mga4 firefox-ta-31.5.0-1.mga4 firefox-te-31.5.0-1.mga4 firefox-th-31.5.0-1.mga4 firefox-tr-31.5.0-1.mga4 firefox-uk-31.5.0-1.mga4 firefox-vi-31.5.0-1.mga4 firefox-zh_CN-31.5.0-1.mga4 firefox-zh_TW-31.5.0-1.mga4 firefox-zu-31.5.0-1.mga4 thunderbird-31.5.0-1.mga4 thunderbird-enigmail-31.5.0-1.mga4 nsinstall-31.5.0-1.mga4 thunderbird-ar-31.5.0-1.mga4 thunderbird-ast-31.5.0-1.mga4 thunderbird-be-31.5.0-1.mga4 thunderbird-bg-31.5.0-1.mga4 thunderbird-bn_BD-31.5.0-1.mga4 thunderbird-br-31.5.0-1.mga4 thunderbird-ca-31.5.0-1.mga4 thunderbird-cs-31.5.0-1.mga4 thunderbird-da-31.5.0-1.mga4 thunderbird-de-31.5.0-1.mga4 thunderbird-el-31.5.0-1.mga4 thunderbird-en_GB-31.5.0-1.mga4 thunderbird-es_AR-31.5.0-1.mga4 thunderbird-es_ES-31.5.0-1.mga4 thunderbird-et-31.5.0-1.mga4 thunderbird-eu-31.5.0-1.mga4 thunderbird-fi-31.5.0-1.mga4 thunderbird-fr-31.5.0-1.mga4 thunderbird-fy-31.5.0-1.mga4 thunderbird-ga-31.5.0-1.mga4 thunderbird-gd-31.5.0-1.mga4 thunderbird-gl-31.5.0-1.mga4 thunderbird-he-31.5.0-1.mga4 thunderbird-hr-31.5.0-1.mga4 thunderbird-hu-31.5.0-1.mga4 thunderbird-hy-31.5.0-1.mga4 thunderbird-id-31.5.0-1.mga4 
thunderbird-is-31.5.0-1.mga4 thunderbird-it-31.5.0-1.mga4 thunderbird-ja-31.5.0-1.mga4 thunderbird-ko-31.5.0-1.mga4 thunderbird-lt-31.5.0-1.mga4 thunderbird-nb_NO-31.5.0-1.mga4 thunderbird-nl-31.5.0-1.mga4 thunderbird-nn_NO-31.5.0-1.mga4 thunderbird-pl-31.5.0-1.mga4 thunderbird-pa_IN-31.5.0-1.mga4 thunderbird-pt_BR-31.5.0-1.mga4 thunderbird-pt_PT-31.5.0-1.mga4 thunderbird-ro-31.5.0-1.mga4 thunderbird-ru-31.5.0-1.mga4 thunderbird-si-31.5.0-1.mga4 thunderbird-sk-31.5.0-1.mga4 thunderbird-sl-31.5.0-1.mga4 thunderbird-sq-31.5.0-1.mga4 thunderbird-sv_SE-31.5.0-1.mga4 thunderbird-ta_LK-31.5.0-1.mga4 thunderbird-tr-31.5.0-1.mga4 thunderbird-uk-31.5.0-1.mga4 thunderbird-vi-31.5.0-1.mga4 thunderbird-zh_CN-31.5.0-1.mga4 thunderbird-zh_TW-31.5.0-1.mga4

from SRPMS:
nspr-4.10.8-1.mga4.src.rpm
nss-3.17.4-1.mga4.src.rpm
firefox-31.5.0-1.mga4.src.rpm
firefox-l10n-31.5.0-1.mga4.src.rpm
thunderbird-31.5.0-1.mga4.src.rpm
thunderbird-l10n-31.5.0-1.mga4.src.rpm
Both are working fine for me on Mageia 4 i586.
Whiteboard: (none) => MGA4-32-OK
Testing complete mga4 64 all tests ok. thunderbird (imap, pop3, smtp, search, enigmail, spelling) firefox (flash, https, http, search, bookmarks, spelling)
Whiteboard: MGA4-32-OK => MGA4-32-OK mga4-64-ok
RedHat's Thunderbird advisory is available:
https://rhn.redhat.com/errata/RHSA-2015-0266.html

Advisory:
========================

Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827).

An information leak flaw was found in the way Firefox and Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file (CVE-2015-0822).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
https://rhn.redhat.com/errata/RHSA-2015-0265.html
https://rhn.redhat.com/errata/RHSA-2015-0266.html
URL: (none) => http://lwn.net/Vulnerabilities/634775/
Validating. Advisory uploaded. Please push to 4 updates. Thanks
Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0089.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED