Mozilla has released Firefox 52.5.0 today (November 14): https://www.mozilla.org/en-US/firefox/52.5.0/releasenotes/ It fixes a few security issues: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ No advisory from RedHat yet. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830 https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ ======================== Updated packages in core/updates_testing: ======================== rootcerts-20171025.00-1.mga5 rootcerts-java-20171025.00-1.mga5 nss-3.28.6-1.1.mga5 nss-doc-3.28.6-1.1.mga5 libnss3-3.28.6-1.1.mga5 libnss-devel-3.28.6-1.1.mga5 libnss-static-devel-3.28.6-1.1.mga5 firefox-52.5.0-1.mga5 firefox-devel-52.5.0-1.mga5 firefox-af-52.5.0-1.mga5 firefox-an-52.5.0-1.mga5 firefox-ar-52.5.0-1.mga5 firefox-as-52.5.0-1.mga5 firefox-ast-52.5.0-1.mga5 firefox-az-52.5.0-1.mga5 firefox-bg-52.5.0-1.mga5 firefox-bn_IN-52.5.0-1.mga5 firefox-bn_BD-52.5.0-1.mga5 firefox-br-52.5.0-1.mga5 firefox-bs-52.5.0-1.mga5 firefox-ca-52.5.0-1.mga5 firefox-cs-52.5.0-1.mga5 firefox-cy-52.5.0-1.mga5 firefox-da-52.5.0-1.mga5 firefox-de-52.5.0-1.mga5 firefox-el-52.5.0-1.mga5 firefox-en_GB-52.5.0-1.mga5 firefox-en_US-52.5.0-1.mga5 firefox-en_ZA-52.5.0-1.mga5 firefox-eo-52.5.0-1.mga5 firefox-es_AR-52.5.0-1.mga5 firefox-es_CL-52.5.0-1.mga5 firefox-es_ES-52.5.0-1.mga5 firefox-es_MX-52.5.0-1.mga5 firefox-et-52.5.0-1.mga5 firefox-eu-52.5.0-1.mga5 firefox-fa-52.5.0-1.mga5 firefox-ff-52.5.0-1.mga5 firefox-fi-52.5.0-1.mga5 firefox-fr-52.5.0-1.mga5 firefox-fy_NL-52.5.0-1.mga5 firefox-ga_IE-52.5.0-1.mga5 firefox-gd-52.5.0-1.mga5 firefox-gl-52.5.0-1.mga5 firefox-gu_IN-52.5.0-1.mga5 firefox-he-52.5.0-1.mga5 firefox-hi_IN-52.5.0-1.mga5 firefox-hr-52.5.0-1.mga5 firefox-hsb-52.5.0-1.mga5 firefox-hu-52.5.0-1.mga5 firefox-hy_AM-52.5.0-1.mga5 firefox-id-52.5.0-1.mga5 firefox-is-52.5.0-1.mga5 firefox-it-52.5.0-1.mga5 firefox-ja-52.5.0-1.mga5 firefox-kk-52.5.0-1.mga5 firefox-km-52.5.0-1.mga5 firefox-kn-52.5.0-1.mga5 firefox-ko-52.5.0-1.mga5 firefox-lij-52.5.0-1.mga5 firefox-lt-52.5.0-1.mga5 firefox-lv-52.5.0-1.mga5 firefox-mai-52.5.0-1.mga5 firefox-mk-52.5.0-1.mga5 firefox-ml-52.5.0-1.mga5 firefox-mr-52.5.0-1.mga5 firefox-ms-52.5.0-1.mga5 firefox-nb_NO-52.5.0-1.mga5 firefox-nl-52.5.0-1.mga5 firefox-nn_NO-52.5.0-1.mga5 firefox-or-52.5.0-1.mga5 firefox-pa_IN-52.5.0-1.mga5 firefox-pl-52.5.0-1.mga5 firefox-pt_BR-52.5.0-1.mga5 firefox-pt_PT-52.5.0-1.mga5 firefox-ro-52.5.0-1.mga5 firefox-ru-52.5.0-1.mga5 firefox-si-52.5.0-1.mga5 firefox-sk-52.5.0-1.mga5 firefox-sl-52.5.0-1.mga5 firefox-sq-52.5.0-1.mga5 firefox-sr-52.5.0-1.mga5 firefox-sv_SE-52.5.0-1.mga5 firefox-ta-52.5.0-1.mga5 firefox-te-52.5.0-1.mga5 firefox-th-52.5.0-1.mga5 firefox-tr-52.5.0-1.mga5 firefox-uk-52.5.0-1.mga5 firefox-uz-52.5.0-1.mga5 firefox-vi-52.5.0-1.mga5 firefox-xh-52.5.0-1.mga5 firefox-zh_CN-52.5.0-1.mga5 firefox-zh_TW-52.5.0-1.mga5 rootcerts-20171025.00-1.mga6 rootcerts-java-20171025.00-1.mga6 nss-3.28.6-1.1.mga6 nss-doc-3.28.6-1.1.mga6 libnss3-3.28.6-1.1.mga6 libnss-devel-3.28.6-1.1.mga6 libnss-static-devel-3.28.6-1.1.mga6 firefox-52.5.0-1.mga6 firefox-devel-52.5.0-1.mga6 firefox-af-52.5.0-1.mga6 firefox-an-52.5.0-1.mga6 firefox-ar-52.5.0-1.mga6 firefox-as-52.5.0-1.mga6 firefox-ast-52.5.0-1.mga6 firefox-az-52.5.0-1.mga6 firefox-bg-52.5.0-1.mga6 firefox-bn_IN-52.5.0-1.mga6 firefox-bn_BD-52.5.0-1.mga6 firefox-br-52.5.0-1.mga6 firefox-bs-52.5.0-1.mga6 firefox-ca-52.5.0-1.mga6 firefox-cs-52.5.0-1.mga6 firefox-cy-52.5.0-1.mga6 firefox-da-52.5.0-1.mga6 firefox-de-52.5.0-1.mga6 firefox-el-52.5.0-1.mga6 firefox-en_GB-52.5.0-1.mga6 firefox-en_US-52.5.0-1.mga6 firefox-en_ZA-52.5.0-1.mga6 firefox-eo-52.5.0-1.mga6 firefox-es_AR-52.5.0-1.mga6 firefox-es_CL-52.5.0-1.mga6 firefox-es_ES-52.5.0-1.mga6 firefox-es_MX-52.5.0-1.mga6 firefox-et-52.5.0-1.mga6 firefox-eu-52.5.0-1.mga6 firefox-fa-52.5.0-1.mga6 firefox-ff-52.5.0-1.mga6 firefox-fi-52.5.0-1.mga6 firefox-fr-52.5.0-1.mga6 firefox-fy_NL-52.5.0-1.mga6 firefox-ga_IE-52.5.0-1.mga6 firefox-gd-52.5.0-1.mga6 firefox-gl-52.5.0-1.mga6 firefox-gu_IN-52.5.0-1.mga6 firefox-he-52.5.0-1.mga6 firefox-hi_IN-52.5.0-1.mga6 firefox-hr-52.5.0-1.mga6 firefox-hsb-52.5.0-1.mga6 firefox-hu-52.5.0-1.mga6 firefox-hy_AM-52.5.0-1.mga6 firefox-id-52.5.0-1.mga6 firefox-is-52.5.0-1.mga6 firefox-it-52.5.0-1.mga6 firefox-ja-52.5.0-1.mga6 firefox-kk-52.5.0-1.mga6 firefox-km-52.5.0-1.mga6 firefox-kn-52.5.0-1.mga6 firefox-ko-52.5.0-1.mga6 firefox-lij-52.5.0-1.mga6 firefox-lt-52.5.0-1.mga6 firefox-lv-52.5.0-1.mga6 firefox-mai-52.5.0-1.mga6 firefox-mk-52.5.0-1.mga6 firefox-ml-52.5.0-1.mga6 firefox-mr-52.5.0-1.mga6 firefox-ms-52.5.0-1.mga6 firefox-nb_NO-52.5.0-1.mga6 firefox-nl-52.5.0-1.mga6 firefox-nn_NO-52.5.0-1.mga6 firefox-or-52.5.0-1.mga6 firefox-pa_IN-52.5.0-1.mga6 firefox-pl-52.5.0-1.mga6 firefox-pt_BR-52.5.0-1.mga6 firefox-pt_PT-52.5.0-1.mga6 firefox-ro-52.5.0-1.mga6 firefox-ru-52.5.0-1.mga6 firefox-si-52.5.0-1.mga6 firefox-sk-52.5.0-1.mga6 firefox-sl-52.5.0-1.mga6 firefox-sq-52.5.0-1.mga6 firefox-sr-52.5.0-1.mga6 firefox-sv_SE-52.5.0-1.mga6 firefox-ta-52.5.0-1.mga6 firefox-te-52.5.0-1.mga6 firefox-th-52.5.0-1.mga6 firefox-tr-52.5.0-1.mga6 firefox-uk-52.5.0-1.mga6 firefox-uz-52.5.0-1.mga6 firefox-vi-52.5.0-1.mga6 firefox-xh-52.5.0-1.mga6 firefox-zh_CN-52.5.0-1.mga6 firefox-zh_TW-52.5.0-1.mga6 from SRPMS: rootcerts-20171025.00-1.mga5.src.rpm nss-3.28.6-1.1.mga5.src.rpm firefox-52.5.0-1.mga5.src.rpm firefox-l10n-52.5.0-1.mga5.src.rpm rootcerts-20171025.00-1.mga6.src.rpm nss-3.28.6-1.1.mga6.src.rpm firefox-52.5.0-1.mga6.src.rpm firefox-l10n-52.5.0-1.mga6.src.rpm
Whiteboard: (none) => MGA5TOO
on mga6-64 packages installed cleanly - firefox-52.5.0-1.mga6.x86_64 - firefox-en_GB-52.5.0-1.mga6.noarch - lib64nss3-3.28.6-1.1.mga6.x86_64 - nss-3.28.6-1.1.mga6.x86_64 - rootcerts-20171025.00-1.mga6.noarch - rootcerts-java-20171025.00-1.mga6.noarch tested on a variey of web sites played video and streaming video no regressions noted OK for mga6-64
CC: (none) => jimWhiteboard: MGA5TOO => MGA5TOO MGA6-64-OK
Mageia 6 on x86_64 Updated from Firefox 52.4 to 53.5 with firefox-en components. Restarted firefox with all previous tabs and checked bookmarking, add-ons, youtube and retrieving bookmarked pages. Linked OK from emails. Hopefully other language packs can be checked by other testers.
CC: (none) => tarazed25
on mga6-32 in a vbox VM packages installed cleanly: - firefox-52.5.0-1.mga6.i586 - firefox-en_GB-52.5.0-1.mga6.noarch - libnss3-3.28.6-1.1.mga6.i586 - nss-3.28.6-1.1.mga6.i586 - rootcerts-20171025.00-1.mga6.noarch - rootcerts-java-20171025.00-1.mga6.noarch tested on a number of websites played videos and streaming video no regressions noted OK for mga6-32
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA6-32-OK
MGA5-32 on Asus A6000VM Xfce No installation issues. View images, video from newspaper and youtube, no obvious setbacks.
Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK => MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-32-OKCC: (none) => herman.viaene
on mga5-64, packages installed cleanly: - firefox-52.5.0-1.mga5.x86_64 - firefox-en_GB-52.5.0-1.mga5.noarch - lib64nss3-3.28.6-1.1.mga5.x86_64 - nss-3.28.6-1.1.mga5.x86_64 - rootcerts-20171025.00-1.mga5.noarch - rootcerts-java-20171025.00-1.mga5.noarch firefox-sync settings restored OK Tested on a variety of web sites, including video and streaming video. No regressions noted OK for mga5-64
Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-32-OK => MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK
restored Herman's OK - sorry
Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK => MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK MGA5-32-OK
RedHat has issued an advisory for this today (November 17): https://access.redhat.com/errata/RHSA-2017:3247 Advisory: ======================== Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830 https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://access.redhat.com/errata/RHSA-2017:3247
Only a few tests but no problems detected and this is only a sub-version update, and so I have validated it. The Advisory in comment#7 needs to be uploaded to SVN The update can then be pushed
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0418.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED