RedHat has issued an advisory today (June 14): https://rhn.redhat.com/errata/RHSA-2017-1440.html Upstream MFSA: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/ I'm also updating nspr to 4.15 with this update. Packages uploaded for Cauldron and building for Mageia 5 now.
Advisory: ======================== Updated firefox packages fix security issues: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778 https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://rhn.redhat.com/errata/RHSA-2017-1440.html ======================== Updated packages in core/updates_testing: ======================== libnspr4-4.15-1.mga5 libnspr-devel-4.15-1.mga5 firefox-52.2.0-1.mga5 firefox-devel-52.2.0-1.mga5 firefox-af-52.2.0-1.mga5 firefox-an-52.2.0-1.mga5 firefox-ar-52.2.0-1.mga5 firefox-as-52.2.0-1.mga5 firefox-ast-52.2.0-1.mga5 firefox-az-52.2.0-1.mga5 firefox-bg-52.2.0-1.mga5 firefox-bn_IN-52.2.0-1.mga5 firefox-bn_BD-52.2.0-1.mga5 firefox-br-52.2.0-1.mga5 firefox-bs-52.2.0-1.mga5 firefox-ca-52.2.0-1.mga5 firefox-cs-52.2.0-1.mga5 firefox-cy-52.2.0-1.mga5 firefox-da-52.2.0-1.mga5 firefox-de-52.2.0-1.mga5 firefox-el-52.2.0-1.mga5 firefox-en_GB-52.2.0-1.mga5 firefox-en_US-52.2.0-1.mga5 firefox-en_ZA-52.2.0-1.mga5 firefox-eo-52.2.0-1.mga5 firefox-es_AR-52.2.0-1.mga5 firefox-es_CL-52.2.0-1.mga5 firefox-es_ES-52.2.0-1.mga5 firefox-es_MX-52.2.0-1.mga5 firefox-et-52.2.0-1.mga5 firefox-eu-52.2.0-1.mga5 firefox-fa-52.2.0-1.mga5 firefox-ff-52.2.0-1.mga5 firefox-fi-52.2.0-1.mga5 firefox-fr-52.2.0-1.mga5 firefox-fy_NL-52.2.0-1.mga5 firefox-ga_IE-52.2.0-1.mga5 firefox-gd-52.2.0-1.mga5 firefox-gl-52.2.0-1.mga5 firefox-gu_IN-52.2.0-1.mga5 firefox-he-52.2.0-1.mga5 firefox-hi_IN-52.2.0-1.mga5 firefox-hr-52.2.0-1.mga5 firefox-hsb-52.2.0-1.mga5 firefox-hu-52.2.0-1.mga5 firefox-hy_AM-52.2.0-1.mga5 firefox-id-52.2.0-1.mga5 firefox-is-52.2.0-1.mga5 firefox-it-52.2.0-1.mga5 firefox-ja-52.2.0-1.mga5 firefox-kk-52.2.0-1.mga5 firefox-km-52.2.0-1.mga5 firefox-kn-52.2.0-1.mga5 firefox-ko-52.2.0-1.mga5 firefox-lij-52.2.0-1.mga5 firefox-lt-52.2.0-1.mga5 firefox-lv-52.2.0-1.mga5 firefox-mai-52.2.0-1.mga5 firefox-mk-52.2.0-1.mga5 firefox-ml-52.2.0-1.mga5 firefox-mr-52.2.0-1.mga5 firefox-ms-52.2.0-1.mga5 firefox-nb_NO-52.2.0-1.mga5 firefox-nl-52.2.0-1.mga5 firefox-nn_NO-52.2.0-1.mga5 firefox-or-52.2.0-1.mga5 firefox-pa_IN-52.2.0-1.mga5 firefox-pl-52.2.0-1.mga5 firefox-pt_BR-52.2.0-1.mga5 firefox-pt_PT-52.2.0-1.mga5 firefox-ro-52.2.0-1.mga5 firefox-ru-52.2.0-1.mga5 firefox-si-52.2.0-1.mga5 firefox-sk-52.2.0-1.mga5 firefox-sl-52.2.0-1.mga5 firefox-sq-52.2.0-1.mga5 firefox-sr-52.2.0-1.mga5 firefox-sv_SE-52.2.0-1.mga5 firefox-ta-52.2.0-1.mga5 firefox-te-52.2.0-1.mga5 firefox-th-52.2.0-1.mga5 firefox-tr-52.2.0-1.mga5 firefox-uk-52.2.0-1.mga5 firefox-uz-52.2.0-1.mga5 firefox-vi-52.2.0-1.mga5 firefox-xh-52.2.0-1.mga5 firefox-zh_CN-52.2.0-1.mga5 firefox-zh_TW-52.2.0-1.mga5 from SRPMS: nspr-4.15-1.mga5.src.rpm firefox-52.2.0-1.mga5.src.rpm firefox-l10n-52.2.0-1.mga5.src.rpm
Assignee: bugsquad => qa-bugs
Tested mga5-64: General browsing, youtube video, Java, javascript (with jetstream) Acid3 does not run to completion-generally stops at 96, but I see this with the current android release of Firefox as well.
Whiteboard: (none) => has_procedure mga4-64-okCC: (none) => wrw105
changing whiteboard note.
CC: (none) => brtians1Whiteboard: has_procedure mga4-64-ok => has_procedure mga5-64-ok
$ uname -a Linux localhost.localdomain 4.4.68-desktop586-1.mga5 #1 SMP Sun May 14 17:55:26 UTC 2017 i686 i686 i686 GNU/Linux $ firefox -v Mozilla Firefox 52.2.0 I've logged into secure sites, played audio, browsed various sites. Working as designed.
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok mga5-32-ok
Validating; advisory to follow.
Keywords: (none) => validated_updateCC: (none) => lewyssmith, sysadmin-bugs
Whiteboard: has_procedure mga5-64-ok mga5-32-ok => has_procedure mga5-64-ok mga5-32-ok advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0178.html
Status: NEW => RESOLVEDResolution: (none) => FIXED