RedHat has issued an advisory on December 4: https://access.redhat.com/errata/RHSA-2017:3382 The issue is fixed in Firefox 52.5.1.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Firefox 52.5.2 released also correcting CVE-2017-7845
Assignee: pkg-bugs => nicolas.salgueroSummary: firefox new security issue CVE-2017-7843 => firefox new security issues CVE-2017-7843, CVE-2017-7845CC: (none) => nicolas.salguero
I did not see that CVE-2017-7845 only affects Windows.
Summary: firefox new security issues CVE-2017-7843, CVE-2017-7845 => firefox new security issue CVE-2017-7843
Source RPM: firefox => firefox, firefox-l10n
Suggested advisory: ======================== The updated packages fix a security vulnerability: Web worker in Private Browsing mode can write IndexedDB data. (CVE-2017-7843) References: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7843 ======================== Updated packages in 5/core/updates_testing: ======================== firefox-52.5.2-1.mga5 firefox-devel-52.5.2-1.mga5 firefox-af-52.5.2-1.mga5 firefox-an-52.5.2-1.mga5 firefox-ar-52.5.2-1.mga5 firefox-as-52.5.2-1.mga5 firefox-ast-52.5.2-1.mga5 firefox-az-52.5.2-1.mga5 firefox-bg-52.5.2-1.mga5 firefox-bn_IN-52.5.2-1.mga5 firefox-bn_BD-52.5.2-1.mga5 firefox-br-52.5.2-1.mga5 firefox-bs-52.5.2-1.mga5 firefox-ca-52.5.2-1.mga5 firefox-cs-52.5.2-1.mga5 firefox-cy-52.5.2-1.mga5 firefox-da-52.5.2-1.mga5 firefox-de-52.5.2-1.mga5 firefox-el-52.5.2-1.mga5 firefox-en_GB-52.5.2-1.mga5 firefox-en_US-52.5.2-1.mga5 firefox-en_ZA-52.5.2-1.mga5 firefox-eo-52.5.2-1.mga5 firefox-es_AR-52.5.2-1.mga5 firefox-es_CL-52.5.2-1.mga5 firefox-es_ES-52.5.2-1.mga5 firefox-es_MX-52.5.2-1.mga5 firefox-et-52.5.2-1.mga5 firefox-eu-52.5.2-1.mga5 firefox-fa-52.5.2-1.mga5 firefox-ff-52.5.2-1.mga5 firefox-fi-52.5.2-1.mga5 firefox-fr-52.5.2-1.mga5 firefox-fy_NL-52.5.2-1.mga5 firefox-ga_IE-52.5.2-1.mga5 firefox-gd-52.5.2-1.mga5 firefox-gl-52.5.2-1.mga5 firefox-gu_IN-52.5.2-1.mga5 firefox-he-52.5.2-1.mga5 firefox-hi_IN-52.5.2-1.mga5 firefox-hr-52.5.2-1.mga5 firefox-hsb-52.5.2-1.mga5 firefox-hu-52.5.2-1.mga5 firefox-hy_AM-52.5.2-1.mga5 firefox-id-52.5.2-1.mga5 firefox-is-52.5.2-1.mga5 firefox-it-52.5.2-1.mga5 firefox-ja-52.5.2-1.mga5 firefox-kk-52.5.2-1.mga5 firefox-km-52.5.2-1.mga5 firefox-kn-52.5.2-1.mga5 firefox-ko-52.5.2-1.mga5 firefox-lij-52.5.2-1.mga5 firefox-lt-52.5.2-1.mga5 firefox-lv-52.5.2-1.mga5 firefox-mai-52.5.2-1.mga5 firefox-mk-52.5.2-1.mga5 firefox-ml-52.5.2-1.mga5 firefox-mr-52.5.2-1.mga5 firefox-ms-52.5.2-1.mga5 firefox-nb_NO-52.5.2-1.mga5 firefox-nl-52.5.2-1.mga5 firefox-nn_NO-52.5.2-1.mga5 firefox-or-52.5.2-1.mga5 firefox-pa_IN-52.5.2-1.mga5 firefox-pl-52.5.2-1.mga5 firefox-pt_BR-52.5.2-1.mga5 firefox-pt_PT-52.5.2-1.mga5 firefox-ro-52.5.2-1.mga5 firefox-ru-52.5.2-1.mga5 firefox-si-52.5.2-1.mga5 firefox-sk-52.5.2-1.mga5 firefox-sl-52.5.2-1.mga5 firefox-sq-52.5.2-1.mga5 firefox-sr-52.5.2-1.mga5 firefox-sv_SE-52.5.2-1.mga5 firefox-ta-52.5.2-1.mga5 firefox-te-52.5.2-1.mga5 firefox-th-52.5.2-1.mga5 firefox-tr-52.5.2-1.mga5 firefox-uk-52.5.2-1.mga5 firefox-uz-52.5.2-1.mga5 firefox-vi-52.5.2-1.mga5 firefox-xh-52.5.2-1.mga5 firefox-zh_CN-52.5.2-1.mga5 firefox-zh_TW-52.5.2-1.mga5 from SRPMS: firefox-52.5.2-1.mga5.src.rpm firefox-l10n-52.5.2-1.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== firefox-52.5.2-1.mga6 firefox-devel-52.5.2-1.mga6 firefox-af-52.5.2-1.mga6 firefox-an-52.5.2-1.mga6 firefox-ar-52.5.2-1.mga6 firefox-as-52.5.2-1.mga6 firefox-ast-52.5.2-1.mga6 firefox-az-52.5.2-1.mga6 firefox-bg-52.5.2-1.mga6 firefox-bn_IN-52.5.2-1.mga6 firefox-bn_BD-52.5.2-1.mga6 firefox-br-52.5.2-1.mga6 firefox-bs-52.5.2-1.mga6 firefox-ca-52.5.2-1.mga6 firefox-cs-52.5.2-1.mga6 firefox-cy-52.5.2-1.mga6 firefox-da-52.5.2-1.mga6 firefox-de-52.5.2-1.mga6 firefox-el-52.5.2-1.mga6 firefox-en_GB-52.5.2-1.mga6 firefox-en_US-52.5.2-1.mga6 firefox-en_ZA-52.5.2-1.mga6 firefox-eo-52.5.2-1.mga6 firefox-es_AR-52.5.2-1.mga6 firefox-es_CL-52.5.2-1.mga6 firefox-es_ES-52.5.2-1.mga6 firefox-es_MX-52.5.2-1.mga6 firefox-et-52.5.2-1.mga6 firefox-eu-52.5.2-1.mga6 firefox-fa-52.5.2-1.mga6 firefox-ff-52.5.2-1.mga6 firefox-fi-52.5.2-1.mga6 firefox-fr-52.5.2-1.mga6 firefox-fy_NL-52.5.2-1.mga6 firefox-ga_IE-52.5.2-1.mga6 firefox-gd-52.5.2-1.mga6 firefox-gl-52.5.2-1.mga6 firefox-gu_IN-52.5.2-1.mga6 firefox-he-52.5.2-1.mga6 firefox-hi_IN-52.5.2-1.mga6 firefox-hr-52.5.2-1.mga6 firefox-hsb-52.5.2-1.mga6 firefox-hu-52.5.2-1.mga6 firefox-hy_AM-52.5.2-1.mga6 firefox-id-52.5.2-1.mga6 firefox-is-52.5.2-1.mga6 firefox-it-52.5.2-1.mga6 firefox-ja-52.5.2-1.mga6 firefox-kk-52.5.2-1.mga6 firefox-km-52.5.2-1.mga6 firefox-kn-52.5.2-1.mga6 firefox-ko-52.5.2-1.mga6 firefox-lij-52.5.2-1.mga6 firefox-lt-52.5.2-1.mga6 firefox-lv-52.5.2-1.mga6 firefox-mai-52.5.2-1.mga6 firefox-mk-52.5.2-1.mga6 firefox-ml-52.5.2-1.mga6 firefox-mr-52.5.2-1.mga6 firefox-ms-52.5.2-1.mga6 firefox-nb_NO-52.5.2-1.mga6 firefox-nl-52.5.2-1.mga6 firefox-nn_NO-52.5.2-1.mga6 firefox-or-52.5.2-1.mga6 firefox-pa_IN-52.5.2-1.mga6 firefox-pl-52.5.2-1.mga6 firefox-pt_BR-52.5.2-1.mga6 firefox-pt_PT-52.5.2-1.mga6 firefox-ro-52.5.2-1.mga6 firefox-ru-52.5.2-1.mga6 firefox-si-52.5.2-1.mga6 firefox-sk-52.5.2-1.mga6 firefox-sl-52.5.2-1.mga6 firefox-sq-52.5.2-1.mga6 firefox-sr-52.5.2-1.mga6 firefox-sv_SE-52.5.2-1.mga6 firefox-ta-52.5.2-1.mga6 firefox-te-52.5.2-1.mga6 firefox-th-52.5.2-1.mga6 firefox-tr-52.5.2-1.mga6 firefox-uk-52.5.2-1.mga6 firefox-uz-52.5.2-1.mga6 firefox-vi-52.5.2-1.mga6 firefox-xh-52.5.2-1.mga6 firefox-zh_CN-52.5.2-1.mga6 firefox-zh_TW-52.5.2-1.mga6 from SRPMS: firefox-52.5.2-1.mga6.src.rpm firefox-l10n-52.5.2-1.mga6.src.rpm
Status: NEW => ASSIGNEDWhiteboard: (none) => MGA5TOOCVE: (none) => CVE-2017-7843Assignee: nicolas.salguero => qa-bugs
In VirtualBox, M6, Plasma, 64-bit Package(s) under test: firefox firefox-en_US firefox-en_GB default install of firefox firefox-en_US & firefox-en_GB [root@localhost wilcal]# urpmi firefox Package firefox-52.5.0-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi firefox-en_US Package firefox-en_US-52.5.0-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi firefox-en_GB Package firefox-en_GB-52.5.0-1.mga6.noarch is already installed Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com works fine. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok install firefox firefox-en_US & firefox-en_GB from updates_testing [root@localhost wilcal]# urpmi firefox Package firefox-52.5.2-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi firefox-en_US Package firefox-en_US-52.5.2-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi firefox-en_GB Package firefox-en_GB-52.5.2-1.mga6.noarch is already installed Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com does work. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok
CC: (none) => wilcal.int
In VirtualBox, M6, Plasma, 32-bit Package(s) under test: firefox firefox-en_US firefox-en_GB default install of firefox firefox-en_US & firefox-en_GB [root@localhost wilcal]# urpmi firefox Package firefox-52.5.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi firefox-en_US Package firefox-en_US-52.5.0-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi firefox-en_GB Package firefox-en_GB-52.5.0-1.mga6.noarch is already installed Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com works fine. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok install firefox firefox-en_US & firefox-en_GB from updates_testing [root@localhost wilcal]# urpmi firefox Package firefox-52.5.2-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi firefox-en_US Package firefox-en_US-52.5.2-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi firefox-en_GB Package firefox-en_GB-52.5.2-1.mga6.noarch is already installed Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com does work. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok
Updated this on Mageia 6 for x86_64, with en_US and en_GB language packs. Relaunched firefox. help -> about firefox reported 52.5.2. Bookmarks and menus OK. Checked installed extensions through tools menu. Visited a few astronomical sites, Radio Times, madb, Youtube. All working as before. Found the Weather Underground via the search field. Borrowed wilcal's acid2 and acid3 links. Working fine. $ firefox file:///home/lcl/Downloads That provided access to a user directory and files could be examined, as text with selected application, or images or linked through html or run as cgi. All good.
Whiteboard: MGA5TOO => MGA5TOOCC: (none) => tarazed25
on mga6-64 packages installed cleanly: - firefox-52.5.2-1.mga6.x86_64 - firefox-en_GB-52.5.2-1.mga6.noarch firefox-sync OK Tested on several web sites video and streaming video OK no regressions noted OK on mga6-64
CC: (none) => jim
Don't forget to add the mga5-64-ok tag etc, after testing. Validating the update.
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK MGA5-32-OK MGA6-64-OK MGA6-32-OKCC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0448.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED