Firefox 45.5.1 has been released on November 30: https://www.mozilla.org/en-US/firefox/45.5.1/releasenotes/ It fixes one security issue: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ We will be updating nss with this too: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27.2_release_notes
URL: (none) => https://lwn.net/Vulnerabilities/707838/
RedHat has issued an advisory for this today (December 1): https://rhn.redhat.com/errata/RHSA-2016-2843.html Advisory for our update once it's built is below. Advisory: ======================== Updated firefox packages fix security vulnerability: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-9079). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079 https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://rhn.redhat.com/errata/RHSA-2016-2843.html ================ Updated packages in core/updates_testing: ================ nss-3.27.2-1.mga5 nss-doc-3.27.2-1.mga5 libnss3-3.27.2-1.mga5 libnss-devel-3.27.2-1.mga5 libnss-static-devel-3.27.2-1.mga5 firefox-45.5.1-1.mga5 firefox-af-45.5.1-1.mga5 firefox-an-45.5.1-1.mga5 firefox-ar-45.5.1-1.mga5 firefox-as-45.5.1-1.mga5 firefox-ast-45.5.1-1.mga5 firefox-az-45.5.1-1.mga5 firefox-be-45.5.1-1.mga5 firefox-bg-45.5.1-1.mga5 firefox-bn_BD-45.5.1-1.mga5 firefox-bn_IN-45.5.1-1.mga5 firefox-br-45.5.1-1.mga5 firefox-bs-45.5.1-1.mga5 firefox-ca-45.5.1-1.mga5 firefox-cs-45.5.1-1.mga5 firefox-cy-45.5.1-1.mga5 firefox-da-45.5.1-1.mga5 firefox-de-45.5.1-1.mga5 firefox-devel-45.5.1-1.mga5 firefox-el-45.5.1-1.mga5 firefox-en_GB-45.5.1-1.mga5 firefox-en_US-45.5.1-1.mga5 firefox-en_ZA-45.5.1-1.mga5 firefox-eo-45.5.1-1.mga5 firefox-es_AR-45.5.1-1.mga5 firefox-es_CL-45.5.1-1.mga5 firefox-es_ES-45.5.1-1.mga5 firefox-es_MX-45.5.1-1.mga5 firefox-et-45.5.1-1.mga5 firefox-eu-45.5.1-1.mga5 firefox-fa-45.5.1-1.mga5 firefox-ff-45.5.1-1.mga5 firefox-fi-45.5.1-1.mga5 firefox-fr-45.5.1-1.mga5 firefox-fy_NL-45.5.1-1.mga5 firefox-ga_IE-45.5.1-1.mga5 firefox-gd-45.5.1-1.mga5 firefox-gl-45.5.1-1.mga5 firefox-gu_IN-45.5.1-1.mga5 firefox-he-45.5.1-1.mga5 firefox-hi_IN-45.5.1-1.mga5 firefox-hr-45.5.1-1.mga5 firefox-hsb-45.5.1-1.mga5 firefox-hu-45.5.1-1.mga5 firefox-hy_AM-45.5.1-1.mga5 firefox-id-45.5.1-1.mga5 firefox-is-45.5.1-1.mga5 firefox-it-45.5.1-1.mga5 firefox-ja-45.5.1-1.mga5 firefox-kk-45.5.1-1.mga5 firefox-km-45.5.1-1.mga5 firefox-kn-45.5.1-1.mga5 firefox-ko-45.5.1-1.mga5 firefox-lij-45.5.1-1.mga5 firefox-lt-45.5.1-1.mga5 firefox-lv-45.5.1-1.mga5 firefox-mai-45.5.1-1.mga5 firefox-mk-45.5.1-1.mga5 firefox-ml-45.5.1-1.mga5 firefox-mr-45.5.1-1.mga5 firefox-ms-45.5.1-1.mga5 firefox-nb_NO-45.5.1-1.mga5 firefox-nl-45.5.1-1.mga5 firefox-nn_NO-45.5.1-1.mga5 firefox-or-45.5.1-1.mga5 firefox-pa_IN-45.5.1-1.mga5 firefox-pl-45.5.1-1.mga5 firefox-pt_BR-45.5.1-1.mga5 firefox-pt_PT-45.5.1-1.mga5 firefox-ro-45.5.1-1.mga5 firefox-ru-45.5.1-1.mga5 firefox-si-45.5.1-1.mga5 firefox-sk-45.5.1-1.mga5 firefox-sl-45.5.1-1.mga5 firefox-sq-45.5.1-1.mga5 firefox-sr-45.5.1-1.mga5 firefox-sv_SE-45.5.1-1.mga5 firefox-ta-45.5.1-1.mga5 firefox-te-45.5.1-1.mga5 firefox-th-45.5.1-1.mga5 firefox-tr-45.5.1-1.mga5 firefox-uk-45.5.1-1.mga5 firefox-uz-45.5.1-1.mga5 firefox-vi-45.5.1-1.mga5 firefox-xh-45.5.1-1.mga5 firefox-zh_CN-45.5.1-1.mga5 firefox-zh_TW-45.5.1-1.mga5 from SRPMS: nss-3.27.2-1.mga5.src.rpm firefox-45.5.1-1.mga5.src.rpm firefox-l10n-45.5.1-1.mga5.src.rpm
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ says thunderbird is also affected. Do we need a separate bug report or can we handle thunderbird in the current one?
CC: (none) => nicolas.salguero
(In reply to Nicolas Salguero from comment #2) > https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ says > thunderbird is also affected. Do we need a separate bug report or can we > handle thunderbird in the current one? We always handle them separately now. I can no longer update Thunderbird myself. Lightning is bundled, but Mozilla screwed up and the l10n files for it are not in the tarball, so those have to be obtained directly from their VCS. Florian has usually handled it, but he has dropped the ball this time, so someone else needs to do it. Thunderbird is in Bug 19815.
Updated packages uploaded for Mageia 5 and Cauldron. Advisory and package list in Comment 1.
Assignee: bugsquad => qa-bugs
Working fine on Mageia 5 x86_64.
Whiteboard: (none) => MGA5-64-OK
Linux localhost 4.4.32-desktop-1.mga5 #1 SMP Tue Nov 15 10:10:27 UTC 2016 i686 i686 i686 GNU/Linux To satisfy dependencies, the following package(s) also need to be installed: - firefox-en_GB-45.5.1-1.mga5.noarch - firefox-en_ZA-45.5.1-1.mga5.noarch - libnss3-3.27.2-1.mga5.i586 15KB of additional disk space will be used. Tested various sites I access. It appears to be working fine.
CC: (none) => brtians1Whiteboard: MGA5-64-OK => MGA5-64-OK MGA-32-OK
Whiteboard: MGA5-64-OK MGA-32-OK => MGA5-64-OK MGA5-32-OK
updated to firefox-45.5.1-1.mga5 dependencies: firefox-en_GB-45.5.1-1.mga5.noarch firefox-en_ZA-45.5.1-1.mga5.noarch libnss3-3.27.2-1.mga5.i586 needed to add flash-player-plugin for some sites tested ok
CC: (none) => westel
updated : firefox 45.5.1 1.mga5 x86_64 firefox-en_GB 45.5.1 1.mga5 noarch firefox-en_ZA 45.5.1 1.mga5 noarch lib64nss3 3.27.2 1.mga5 x86_64 (added also flash-player-plugin-11.2.202.644-1.mga5.nonfree.x86_64.rpm) accessed various websites - ok
Keywords: (none) => validated_updateCC: (none) => youpburden, sysadmin-bugs
Advisory uploaded.
CC: (none) => lewyssmithWhiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0410.html
Status: NEW => RESOLVEDResolution: (none) => FIXED