Bug 23233 - Firefox 52.9.0
Summary: Firefox 52.9.0
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-06-26 13:30 CEST by David Walser
Modified: 2018-07-01 19:18 CEST

See Also:
Source RPM: firefox
CVE:
Status comment:


Description David Walser 2018-06-26 13:30:07 CEST
Mozilla has released Firefox 52.9.0 on June 25:
https://www.mozilla.org/en-US/firefox/52.9.0/releasenotes/

Details aren't available yet, but updates are committed to SVN and builds are in progress.

Comment 1 David Walser 2018-06-26 15:58:36 CEST
Advisory to come later.

Updated packages in core/updates_testing:
========================
firefox-52.9.0-1.mga6
firefox-devel-52.9.0-1.mga6
firefox-af-52.9.0-1.mga6
firefox-an-52.9.0-1.mga6
firefox-ar-52.9.0-1.mga6
firefox-as-52.9.0-1.mga6
firefox-ast-52.9.0-1.mga6
firefox-az-52.9.0-1.mga6
firefox-bg-52.9.0-1.mga6
firefox-bn_IN-52.9.0-1.mga6
firefox-bn_BD-52.9.0-1.mga6
firefox-br-52.9.0-1.mga6
firefox-bs-52.9.0-1.mga6
firefox-ca-52.9.0-1.mga6
firefox-cs-52.9.0-1.mga6
firefox-cy-52.9.0-1.mga6
firefox-da-52.9.0-1.mga6
firefox-de-52.9.0-1.mga6
firefox-el-52.9.0-1.mga6
firefox-en_GB-52.9.0-1.mga6
firefox-en_US-52.9.0-1.mga6
firefox-en_ZA-52.9.0-1.mga6
firefox-eo-52.9.0-1.mga6
firefox-es_AR-52.9.0-1.mga6
firefox-es_CL-52.9.0-1.mga6
firefox-es_ES-52.9.0-1.mga6
firefox-es_MX-52.9.0-1.mga6
firefox-et-52.9.0-1.mga6
firefox-eu-52.9.0-1.mga6
firefox-fa-52.9.0-1.mga6
firefox-ff-52.9.0-1.mga6
firefox-fi-52.9.0-1.mga6
firefox-fr-52.9.0-1.mga6
firefox-fy_NL-52.9.0-1.mga6
firefox-ga_IE-52.9.0-1.mga6
firefox-gd-52.9.0-1.mga6
firefox-gl-52.9.0-1.mga6
firefox-gu_IN-52.9.0-1.mga6
firefox-he-52.9.0-1.mga6
firefox-hi_IN-52.9.0-1.mga6
firefox-hr-52.9.0-1.mga6
firefox-hsb-52.9.0-1.mga6
firefox-hu-52.9.0-1.mga6
firefox-hy_AM-52.9.0-1.mga6
firefox-id-52.9.0-1.mga6
firefox-is-52.9.0-1.mga6
firefox-it-52.9.0-1.mga6
firefox-ja-52.9.0-1.mga6
firefox-kk-52.9.0-1.mga6
firefox-km-52.9.0-1.mga6
firefox-kn-52.9.0-1.mga6
firefox-ko-52.9.0-1.mga6
firefox-lij-52.9.0-1.mga6
firefox-lt-52.9.0-1.mga6
firefox-lv-52.9.0-1.mga6
firefox-mai-52.9.0-1.mga6
firefox-mk-52.9.0-1.mga6
firefox-ml-52.9.0-1.mga6
firefox-mr-52.9.0-1.mga6
firefox-ms-52.9.0-1.mga6
firefox-nb_NO-52.9.0-1.mga6
firefox-nl-52.9.0-1.mga6
firefox-nn_NO-52.9.0-1.mga6
firefox-or-52.9.0-1.mga6
firefox-pa_IN-52.9.0-1.mga6
firefox-pl-52.9.0-1.mga6
firefox-pt_BR-52.9.0-1.mga6
firefox-pt_PT-52.9.0-1.mga6
firefox-ro-52.9.0-1.mga6
firefox-ru-52.9.0-1.mga6
firefox-si-52.9.0-1.mga6
firefox-sk-52.9.0-1.mga6
firefox-sl-52.9.0-1.mga6
firefox-sq-52.9.0-1.mga6
firefox-sr-52.9.0-1.mga6
firefox-sv_SE-52.9.0-1.mga6
firefox-ta-52.9.0-1.mga6
firefox-te-52.9.0-1.mga6
firefox-th-52.9.0-1.mga6
firefox-tr-52.9.0-1.mga6
firefox-uk-52.9.0-1.mga6
firefox-uz-52.9.0-1.mga6
firefox-vi-52.9.0-1.mga6
firefox-xh-52.9.0-1.mga6
firefox-zh_CN-52.9.0-1.mga6
firefox-zh_TW-52.9.0-1.mga6

from SRPMS:
firefox-52.9.0-1.mga6.src.rpm
firefox-l10n-52.9.0-1.mga6.src.rpm

Assignee: bugsquad => qa-bugs

Comment 2 David Walser 2018-06-26 21:51:05 CEST
Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/

Comment 3 James Kerr 2018-06-27 10:58:47 CEST
on mga6-64 plasma

packages installed cleanly
- firefox-52.9.0-1.mga6.x86_64
- firefox-en_GB-52.9.0-1.mga6.noarch

commonly used web sites including youtube and video streaming - all OK
flashplayer recognised at https://helpx.adobe.com/flash-player.html 

this update looks OK for mga6-64

CC: (none) => jim

James Kerr 2018-06-27 11:00:14 CEST

Whiteboard: (none) => MGA6-64-OK

Comment 4 David Walser 2018-06-28 21:54:07 CEST
Red Hat has issued an advisory for this today (June 28):
https://access.redhat.com/errata/RHSA-2018:2113

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188).

Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359).

Mozilla: Use-after-free using focus() (CVE-2018-12360).

Mozilla: Media recorder segmentation fault when track type is changed during
capture (CVE-2018-5156).

Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362).

Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363).

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364).

Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365).

Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/
https://access.redhat.com/errata/RHSA-2018:2113

Comment 5 Thomas Andrews 2018-06-29 04:17:40 CEST
Updated this on two 32-bit installs on different hardware, one Plasma, the other Xfce. Tried a few websites and bookmarks, all looks OK.

OKing this for 32-bit, and validating...

Keywords: (none) => validated_update
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 6 Thomas Andrews 2018-06-29 13:56:10 CEST
Just to confirm, I used the 64-bit version this morning on my laptop to read my newspaper, visit Facebook, and to write this comment. All looks good.

Dave Hodgins 2018-06-29 20:20:30 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2018-07-01 19:18:47 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0305.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

