Bug 21088 - Firefox 52.2
Summary: Firefox 52.2
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: has_procedure mga5-64-ok mga5-32-ok a...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-06-14 12:31 CEST by David Walser
Modified: 2017-06-19 09:44 CEST

See Also:
Source RPM: firefox
CVE:
Status comment:



Description David Walser 2017-06-14 12:31:36 CEST
Red Hat has issued an advisory today (June 14):
https://rhn.redhat.com/errata/RHSA-2017-1440.html

Upstream MFSA:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/

I'm also updating nspr to 4.15 with this update.

Packages uploaded for Cauldron and building for Mageia 5 now.
Comment 1 David Walser 2017-06-14 13:39:27 CEST
Advisory:
========================

Updated firefox packages fix security issues:

Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox
(CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,
CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,
CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,
CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://rhn.redhat.com/errata/RHSA-2017-1440.html
========================

Updated packages in core/updates_testing:
========================
libnspr4-4.15-1.mga5
libnspr-devel-4.15-1.mga5
firefox-52.2.0-1.mga5
firefox-devel-52.2.0-1.mga5
firefox-af-52.2.0-1.mga5
firefox-an-52.2.0-1.mga5
firefox-ar-52.2.0-1.mga5
firefox-as-52.2.0-1.mga5
firefox-ast-52.2.0-1.mga5
firefox-az-52.2.0-1.mga5
firefox-bg-52.2.0-1.mga5
firefox-bn_IN-52.2.0-1.mga5
firefox-bn_BD-52.2.0-1.mga5
firefox-br-52.2.0-1.mga5
firefox-bs-52.2.0-1.mga5
firefox-ca-52.2.0-1.mga5
firefox-cs-52.2.0-1.mga5
firefox-cy-52.2.0-1.mga5
firefox-da-52.2.0-1.mga5
firefox-de-52.2.0-1.mga5
firefox-el-52.2.0-1.mga5
firefox-en_GB-52.2.0-1.mga5
firefox-en_US-52.2.0-1.mga5
firefox-en_ZA-52.2.0-1.mga5
firefox-eo-52.2.0-1.mga5
firefox-es_AR-52.2.0-1.mga5
firefox-es_CL-52.2.0-1.mga5
firefox-es_ES-52.2.0-1.mga5
firefox-es_MX-52.2.0-1.mga5
firefox-et-52.2.0-1.mga5
firefox-eu-52.2.0-1.mga5
firefox-fa-52.2.0-1.mga5
firefox-ff-52.2.0-1.mga5
firefox-fi-52.2.0-1.mga5
firefox-fr-52.2.0-1.mga5
firefox-fy_NL-52.2.0-1.mga5
firefox-ga_IE-52.2.0-1.mga5
firefox-gd-52.2.0-1.mga5
firefox-gl-52.2.0-1.mga5
firefox-gu_IN-52.2.0-1.mga5
firefox-he-52.2.0-1.mga5
firefox-hi_IN-52.2.0-1.mga5
firefox-hr-52.2.0-1.mga5
firefox-hsb-52.2.0-1.mga5
firefox-hu-52.2.0-1.mga5
firefox-hy_AM-52.2.0-1.mga5
firefox-id-52.2.0-1.mga5
firefox-is-52.2.0-1.mga5
firefox-it-52.2.0-1.mga5
firefox-ja-52.2.0-1.mga5
firefox-kk-52.2.0-1.mga5
firefox-km-52.2.0-1.mga5
firefox-kn-52.2.0-1.mga5
firefox-ko-52.2.0-1.mga5
firefox-lij-52.2.0-1.mga5
firefox-lt-52.2.0-1.mga5
firefox-lv-52.2.0-1.mga5
firefox-mai-52.2.0-1.mga5
firefox-mk-52.2.0-1.mga5
firefox-ml-52.2.0-1.mga5
firefox-mr-52.2.0-1.mga5
firefox-ms-52.2.0-1.mga5
firefox-nb_NO-52.2.0-1.mga5
firefox-nl-52.2.0-1.mga5
firefox-nn_NO-52.2.0-1.mga5
firefox-or-52.2.0-1.mga5
firefox-pa_IN-52.2.0-1.mga5
firefox-pl-52.2.0-1.mga5
firefox-pt_BR-52.2.0-1.mga5
firefox-pt_PT-52.2.0-1.mga5
firefox-ro-52.2.0-1.mga5
firefox-ru-52.2.0-1.mga5
firefox-si-52.2.0-1.mga5
firefox-sk-52.2.0-1.mga5
firefox-sl-52.2.0-1.mga5
firefox-sq-52.2.0-1.mga5
firefox-sr-52.2.0-1.mga5
firefox-sv_SE-52.2.0-1.mga5
firefox-ta-52.2.0-1.mga5
firefox-te-52.2.0-1.mga5
firefox-th-52.2.0-1.mga5
firefox-tr-52.2.0-1.mga5
firefox-uk-52.2.0-1.mga5
firefox-uz-52.2.0-1.mga5
firefox-vi-52.2.0-1.mga5
firefox-xh-52.2.0-1.mga5
firefox-zh_CN-52.2.0-1.mga5
firefox-zh_TW-52.2.0-1.mga5

from SRPMS:
nspr-4.15-1.mga5.src.rpm
firefox-52.2.0-1.mga5.src.rpm
firefox-l10n-52.2.0-1.mga5.src.rpm

Assignee: bugsquad => qa-bugs

Comment 2 Bill Wilkinson 2017-06-15 04:11:09 CEST
Tested mga5-64:

General browsing, YouTube video, Java, JavaScript (with JetStream).
Acid3 does not run to completion; it generally stops at 96, but I see this with the current Android release of Firefox as well.

Whiteboard: (none) => has_procedure mga4-64-ok
CC: (none) => wrw105

Comment 3 Brian Rockwell 2017-06-15 16:44:52 CEST
Changing whiteboard note.

CC: (none) => brtians1
Whiteboard: has_procedure mga4-64-ok => has_procedure mga5-64-ok

Comment 4 Brian Rockwell 2017-06-15 18:38:21 CEST
$ uname -a
Linux localhost.localdomain 4.4.68-desktop586-1.mga5 #1 SMP Sun May 14 17:55:26 UTC 2017 i686 i686 i686 GNU/Linux

$ firefox -v
Mozilla Firefox 52.2.0

I've logged into secure sites, played audio, browsed various sites.

Working as designed.

Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok mga5-32-ok

Comment 5 Lewis Smith 2017-06-15 20:58:05 CEST
Validating; advisory to follow.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Lewis Smith 2017-06-15 22:14:21 CEST

Whiteboard: has_procedure mga5-64-ok mga5-32-ok => has_procedure mga5-64-ok mga5-32-ok advisory

Comment 6 Mageia Robot 2017-06-19 09:44:43 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0178.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

