Mozilla has released Firefox 45.3.0 on August 2: https://www.mozilla.org/en-US/firefox/45.3.0/releasenotes/ They have also released nss 3.26 today (August 5) with a rootcerts update: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.26_release_notes Everything is updated in SVN. Freeze push requested for Cauldron. RedHat has issued an advisory for Firefox on August 3: https://rhn.redhat.com/errata/RHSA-2016-1551.html Advisory for update-to-come to follow.
Advisory: ================ Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252, CVE-2016-5263, CVE-2016-2830, CVE-2016-2838, CVE-2016-5254, CVE-2016-5262, CVE-2016-5264, CVE-2016-5265, CVE-2016-2837). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5254 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5258 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5263 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265 https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://rhn.redhat.com/errata/RHSA-2016-1551.html
Package list will be as follows. Updated packages in core/updates_testing: ================ rootcerts-20160805.00-1.mga5 rootcerts-java-20160805.00-1.mga5 nss-3.26.0-1.mga5 nss-doc-3.26.0-1.mga5 libnss3-3.26.0-1.mga5 libnss-devel-3.26.0-1.mga5 libnss-static-devel-3.26.0-1.mga5 firefox-45.3.0-1.mga5 firefox-af-45.3.0-1.mga5 firefox-an-45.3.0-1.mga5 firefox-ar-45.3.0-1.mga5 firefox-as-45.3.0-1.mga5 firefox-ast-45.3.0-1.mga5 firefox-az-45.3.0-1.mga5 firefox-be-45.3.0-1.mga5 firefox-bg-45.3.0-1.mga5 firefox-bn_BD-45.3.0-1.mga5 firefox-bn_IN-45.3.0-1.mga5 firefox-br-45.3.0-1.mga5 firefox-bs-45.3.0-1.mga5 firefox-ca-45.3.0-1.mga5 firefox-cs-45.3.0-1.mga5 firefox-cy-45.3.0-1.mga5 firefox-da-45.3.0-1.mga5 firefox-de-45.3.0-1.mga5 firefox-devel-45.3.0-2.mga5 firefox-el-45.3.0-1.mga5 firefox-en_GB-45.3.0-1.mga5 firefox-en_US-45.3.0-1.mga5 firefox-en_ZA-45.3.0-1.mga5 firefox-eo-45.3.0-1.mga5 firefox-es_AR-45.3.0-1.mga5 firefox-es_CL-45.3.0-1.mga5 firefox-es_ES-45.3.0-1.mga5 firefox-es_MX-45.3.0-1.mga5 firefox-et-45.3.0-1.mga5 firefox-eu-45.3.0-1.mga5 firefox-fa-45.3.0-1.mga5 firefox-ff-45.3.0-1.mga5 firefox-fi-45.3.0-1.mga5 firefox-fr-45.3.0-1.mga5 firefox-fy_NL-45.3.0-1.mga5 firefox-ga_IE-45.3.0-1.mga5 firefox-gd-45.3.0-1.mga5 firefox-gl-45.3.0-1.mga5 firefox-gu_IN-45.3.0-1.mga5 firefox-he-45.3.0-1.mga5 firefox-hi_IN-45.3.0-1.mga5 firefox-hr-45.3.0-1.mga5 firefox-hsb-45.3.0-1.mga5 firefox-hu-45.3.0-1.mga5 firefox-hy_AM-45.3.0-1.mga5 firefox-id-45.3.0-1.mga5 firefox-is-45.3.0-1.mga5 firefox-it-45.3.0-1.mga5 firefox-ja-45.3.0-1.mga5 firefox-kk-45.3.0-1.mga5 firefox-km-45.3.0-1.mga5 firefox-kn-45.3.0-1.mga5 firefox-ko-45.3.0-1.mga5 firefox-lij-45.3.0-1.mga5 firefox-lt-45.3.0-1.mga5 firefox-lv-45.3.0-1.mga5 firefox-mai-45.3.0-1.mga5 firefox-mk-45.3.0-1.mga5 firefox-ml-45.3.0-1.mga5 firefox-mr-45.3.0-1.mga5 firefox-ms-45.3.0-1.mga5 firefox-nb_NO-45.3.0-1.mga5 firefox-nl-45.3.0-1.mga5 firefox-nn_NO-45.3.0-1.mga5 firefox-or-45.3.0-1.mga5 firefox-pa_IN-45.3.0-1.mga5 firefox-pl-45.3.0-1.mga5 firefox-pt_BR-45.3.0-1.mga5 firefox-pt_PT-45.3.0-1.mga5 firefox-ro-45.3.0-1.mga5 firefox-ru-45.3.0-1.mga5 firefox-si-45.3.0-1.mga5 firefox-sk-45.3.0-1.mga5 firefox-sl-45.3.0-1.mga5 firefox-sq-45.3.0-1.mga5 firefox-sr-45.3.0-1.mga5 firefox-sv_SE-45.3.0-1.mga5 firefox-ta-45.3.0-1.mga5 firefox-te-45.3.0-1.mga5 firefox-th-45.3.0-1.mga5 firefox-tr-45.3.0-1.mga5 firefox-uk-45.3.0-1.mga5 firefox-uz-45.3.0-1.mga5 firefox-vi-45.3.0-1.mga5 firefox-xh-45.3.0-1.mga5 firefox-zh_CN-45.3.0-1.mga5 firefox-zh_TW-45.3.0-1.mga5 from SRPMS: rootcerts-20160805.00-1.mga5.src.rpm nss-3.26.0-1.mga5.src.rpm firefox-45.3.0-1.mga5.src.rpm firefox-l10n-45.3.0-1.mga5.src.rpm
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Packages submitted to build system, should be available within a couple of hours. Advisory in Comment 1, package list in Comment 2.
Assignee: pkg-bugs => qa-bugs
tested mga5-64 General browsing, javatester, acid3, jetstream, flash game for flash, video on youtube, all OK.
CC: (none) => wrw105Whiteboard: (none) => has_procedure mga4-64-ok
Whiteboard: has_procedure mga4-64-ok => has_procedure mga5-64-ok
Keywords: (none) => validated_updateWhiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok advisoryCC: (none) => davidwhodgins, sysadmin-bugs
Mageia 5 i586 also works fine.
URL: (none) => http://lwn.net/Vulnerabilities/696206/Whiteboard: has_procedure mga5-64-ok advisory => has_procedure mga5-32-ok mga5-64-ok advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0278.html
Status: NEW => RESOLVEDResolution: (none) => FIXED