Mozilla has released Firefox 52.8.0 on May 9: https://www.mozilla.org/en-US/firefox/52.8.0/releasenotes/ Security fixes are listed here: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/ This brings also a rootcerts update (and nss rebuild) to 20180411. Mageia 5 Firefox still fails to build. Updated packages: rootcerts-20180411.00-1.mga6 rootcerts-java-20180411.00-1.mga6 nss-3.28.6-1.4.mga6 nss-doc-3.28.6-1.4.mga6 libnss3-3.28.6-1.4.mga6 libnss-devel-3.28.6-1.4.mga6 libnss-static-devel-3.28.6-1.4.mga6 firefox-52.8.0-1.mga6 firefox-devel-52.8.0-1.mga6 firefox-af-52.8.0-1.mga6 firefox-an-52.8.0-1.mga6 firefox-ar-52.8.0-1.mga6 firefox-as-52.8.0-1.mga6 firefox-ast-52.8.0-1.mga6 firefox-az-52.8.0-1.mga6 firefox-bg-52.8.0-1.mga6 firefox-bn_IN-52.8.0-1.mga6 firefox-bn_BD-52.8.0-1.mga6 firefox-br-52.8.0-1.mga6 firefox-bs-52.8.0-1.mga6 firefox-ca-52.8.0-1.mga6 firefox-cs-52.8.0-1.mga6 firefox-cy-52.8.0-1.mga6 firefox-da-52.8.0-1.mga6 firefox-de-52.8.0-1.mga6 firefox-el-52.8.0-1.mga6 firefox-en_GB-52.8.0-1.mga6 firefox-en_US-52.8.0-1.mga6 firefox-en_ZA-52.8.0-1.mga6 firefox-eo-52.8.0-1.mga6 firefox-es_AR-52.8.0-1.mga6 firefox-es_CL-52.8.0-1.mga6 firefox-es_ES-52.8.0-1.mga6 firefox-es_MX-52.8.0-1.mga6 firefox-et-52.8.0-1.mga6 firefox-eu-52.8.0-1.mga6 firefox-fa-52.8.0-1.mga6 firefox-ff-52.8.0-1.mga6 firefox-fi-52.8.0-1.mga6 firefox-fr-52.8.0-1.mga6 firefox-fy_NL-52.8.0-1.mga6 firefox-ga_IE-52.8.0-1.mga6 firefox-gd-52.8.0-1.mga6 firefox-gl-52.8.0-1.mga6 firefox-gu_IN-52.8.0-1.mga6 firefox-he-52.8.0-1.mga6 firefox-hi_IN-52.8.0-1.mga6 firefox-hr-52.8.0-1.mga6 firefox-hsb-52.8.0-1.mga6 firefox-hu-52.8.0-1.mga6 firefox-hy_AM-52.8.0-1.mga6 firefox-id-52.8.0-1.mga6 firefox-is-52.8.0-1.mga6 firefox-it-52.8.0-1.mga6 firefox-ja-52.8.0-1.mga6 firefox-kk-52.8.0-1.mga6 firefox-km-52.8.0-1.mga6 firefox-kn-52.8.0-1.mga6 firefox-ko-52.8.0-1.mga6 firefox-lij-52.8.0-1.mga6 firefox-lt-52.8.0-1.mga6 firefox-lv-52.8.0-1.mga6 firefox-mai-52.8.0-1.mga6 firefox-mk-52.8.0-1.mga6 firefox-ml-52.8.0-1.mga6 firefox-mr-52.8.0-1.mga6 firefox-ms-52.8.0-1.mga6 firefox-nb_NO-52.8.0-1.mga6 firefox-nl-52.8.0-1.mga6 firefox-nn_NO-52.8.0-1.mga6 firefox-or-52.8.0-1.mga6 firefox-pa_IN-52.8.0-1.mga6 firefox-pl-52.8.0-1.mga6 firefox-pt_BR-52.8.0-1.mga6 firefox-pt_PT-52.8.0-1.mga6 firefox-ro-52.8.0-1.mga6 firefox-ru-52.8.0-1.mga6 firefox-si-52.8.0-1.mga6 firefox-sk-52.8.0-1.mga6 firefox-sl-52.8.0-1.mga6 firefox-sq-52.8.0-1.mga6 firefox-sr-52.8.0-1.mga6 firefox-sv_SE-52.8.0-1.mga6 firefox-ta-52.8.0-1.mga6 firefox-te-52.8.0-1.mga6 firefox-th-52.8.0-1.mga6 firefox-tr-52.8.0-1.mga6 firefox-uk-52.8.0-1.mga6 firefox-uz-52.8.0-1.mga6 firefox-vi-52.8.0-1.mga6 firefox-xh-52.8.0-1.mga6 firefox-zh_CN-52.8.0-1.mga6 firefox-zh_TW-52.8.0-1.mga6 from SRPMS: rootcerts-20180411.00-1.mga6.src.rpm nss-3.28.6-1.4.mga6.src.rpm firefox-52.8.0-1.mga6.src.rpm firefox-l10n-52.8.0-1.mga6.src.rpm
Firefox 52.8.0-1 OK here 64 bit; - firefox-52.8.0-1.mga6.x86_64 - firefox-sv_SE-52.8.0-1.mga6.noarch This system use kernel 4.14.40-1, nvidia-current-390.48-1 also from testing. Reopening tabs that were open in old version, plugins OK, Playing video OK.
CC: (none) => fri
TESTING M6/64 real hardware with AMD/ATI/Radeon video rootcerts-20180411.00-1.mga6 rootcerts-java-20180411.00-1.mga6 nss-3.28.6-1.4.mga6 lib64nss3-3.28.6-1.4.mga6 firefox-52.8.0-1.mga6 firefox-cy-52.8.0-1.mga6 firefox-en_GB-52.8.0-1.mga6 Using it now, have tried a couple of mixed content sites including video with sound, all looks OK.
Tested mga6-64 general browsing, jetstream, javatester all OK. Acid3 renders to 99% with the yellow box rendering as gray.
Whiteboard: (none) => mga6-64-ok has_procedureCC: (none) => wrw105
(In reply to Bill Wilkinson from comment #3) > Acid3 renders to 99% with the yellow box rendering as gray. Could you please explain this - for future reference?
Lewis, The Acid tests (acidtests.org) are a series of browser standards compliance tests, the most often used of which are acid2 and acid3. The acid3 test, which supersedes acid2 runs a script which lists a percentage and renders 7 boxes in the colors of the rainbow. If the script runs smoothly to 100% and all 7 boxes are the right color, the test passes. This may be an issue with my own machine (it's from 2006), and has had some issues with previous releases. Just part of the test to make sure browsers are working as they should.
Interesting. In firefox 52.8, it reaches 97/100, but does not display any of the boxes, so it's a complete fail on my system. In firefox 52.6 (in a vb guest I haven't updated yet), it reaches 98/100 with the 3rd and 5th boxes gray, so the change is a regression. Btw, in opera 12.16, http://acid3.acidtests.org/ reaches 100/100 and displays correctly, while in google chrome, it reaches 97/100, with the second and third box showing gray instead of orange/yellow. While it is a regression, and as Bill reported, system dependent, it's not one serious enough to block the update.
CC: (none) => davidwhodgins
Tried the acid tests: 1) Looked good 2) Not completely congruent; extra rectangle over the message. 3) 99/100
CC: (none) => tarazed25
RedHat has issued an advisory for this on May 14: https://access.redhat.com/errata/RHSA-2018:1415 Advisory: ======================== Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 52.8 (CVE-2018-5150). Mozilla: Backport critical security fixes in Skia (CVE-2018-5183). Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154). Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155). Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files (CVE-2018-5157). Mozilla: Malicious PDF can inject JavaScript into PDF Viewer (CVE-2018-5158). Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159). Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168). Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183 https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/ https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/ https://access.redhat.com/errata/RHSA-2018:1415
tested mga6-32 in virtualbox under mate as above, same results. Ready for validation when advisory added to svn.
Whiteboard: mga6-64-ok has_procedure => mga6-64-ok has_procedure mga6-32-ok
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory added to svn
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0248.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED