Mozilla has released Firefox 52.9.0 on June 25: https://www.mozilla.org/en-US/firefox/52.9.0/releasenotes/ Details aren't available yet, but updates are committed to SVN and builds are in progress.
Advisory to come later. Updated packages in core/updates_testing: ======================== firefox-52.9.0-1.mga6 firefox-devel-52.9.0-1.mga6 firefox-af-52.9.0-1.mga6 firefox-an-52.9.0-1.mga6 firefox-ar-52.9.0-1.mga6 firefox-as-52.9.0-1.mga6 firefox-ast-52.9.0-1.mga6 firefox-az-52.9.0-1.mga6 firefox-bg-52.9.0-1.mga6 firefox-bn_IN-52.9.0-1.mga6 firefox-bn_BD-52.9.0-1.mga6 firefox-br-52.9.0-1.mga6 firefox-bs-52.9.0-1.mga6 firefox-ca-52.9.0-1.mga6 firefox-cs-52.9.0-1.mga6 firefox-cy-52.9.0-1.mga6 firefox-da-52.9.0-1.mga6 firefox-de-52.9.0-1.mga6 firefox-el-52.9.0-1.mga6 firefox-en_GB-52.9.0-1.mga6 firefox-en_US-52.9.0-1.mga6 firefox-en_ZA-52.9.0-1.mga6 firefox-eo-52.9.0-1.mga6 firefox-es_AR-52.9.0-1.mga6 firefox-es_CL-52.9.0-1.mga6 firefox-es_ES-52.9.0-1.mga6 firefox-es_MX-52.9.0-1.mga6 firefox-et-52.9.0-1.mga6 firefox-eu-52.9.0-1.mga6 firefox-fa-52.9.0-1.mga6 firefox-ff-52.9.0-1.mga6 firefox-fi-52.9.0-1.mga6 firefox-fr-52.9.0-1.mga6 firefox-fy_NL-52.9.0-1.mga6 firefox-ga_IE-52.9.0-1.mga6 firefox-gd-52.9.0-1.mga6 firefox-gl-52.9.0-1.mga6 firefox-gu_IN-52.9.0-1.mga6 firefox-he-52.9.0-1.mga6 firefox-hi_IN-52.9.0-1.mga6 firefox-hr-52.9.0-1.mga6 firefox-hsb-52.9.0-1.mga6 firefox-hu-52.9.0-1.mga6 firefox-hy_AM-52.9.0-1.mga6 firefox-id-52.9.0-1.mga6 firefox-is-52.9.0-1.mga6 firefox-it-52.9.0-1.mga6 firefox-ja-52.9.0-1.mga6 firefox-kk-52.9.0-1.mga6 firefox-km-52.9.0-1.mga6 firefox-kn-52.9.0-1.mga6 firefox-ko-52.9.0-1.mga6 firefox-lij-52.9.0-1.mga6 firefox-lt-52.9.0-1.mga6 firefox-lv-52.9.0-1.mga6 firefox-mai-52.9.0-1.mga6 firefox-mk-52.9.0-1.mga6 firefox-ml-52.9.0-1.mga6 firefox-mr-52.9.0-1.mga6 firefox-ms-52.9.0-1.mga6 firefox-nb_NO-52.9.0-1.mga6 firefox-nl-52.9.0-1.mga6 firefox-nn_NO-52.9.0-1.mga6 firefox-or-52.9.0-1.mga6 firefox-pa_IN-52.9.0-1.mga6 firefox-pl-52.9.0-1.mga6 firefox-pt_BR-52.9.0-1.mga6 firefox-pt_PT-52.9.0-1.mga6 firefox-ro-52.9.0-1.mga6 firefox-ru-52.9.0-1.mga6 firefox-si-52.9.0-1.mga6 firefox-sk-52.9.0-1.mga6 firefox-sl-52.9.0-1.mga6 firefox-sq-52.9.0-1.mga6 firefox-sr-52.9.0-1.mga6 firefox-sv_SE-52.9.0-1.mga6 firefox-ta-52.9.0-1.mga6 firefox-te-52.9.0-1.mga6 firefox-th-52.9.0-1.mga6 firefox-tr-52.9.0-1.mga6 firefox-uk-52.9.0-1.mga6 firefox-uz-52.9.0-1.mga6 firefox-vi-52.9.0-1.mga6 firefox-xh-52.9.0-1.mga6 firefox-zh_CN-52.9.0-1.mga6 firefox-zh_TW-52.9.0-1.mga6 from SRPMS: firefox-52.9.0-1.mga6.src.rpm firefox-l10n-52.9.0-1.mga6.src.rpm
Assignee: bugsquad => qa-bugs
Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
on mga6-64 plasma packages installed cleanly - firefox-52.9.0-1.mga6.x86_64 - firefox-en_GB-52.9.0-1.mga6.noarch commonly used web sites including youtube and video streaming - all OK flashplayer recognised at https://helpx.adobe.com/flash-player.html this update looks OK for mga6-64
CC: (none) => jim
Whiteboard: (none) => MGA6-64-OK
RedHat has issued an advisory for this today (June 28): https://access.redhat.com/errata/RHSA-2018:2113 Advisory: ======================== Updated firefox packages fix security vulnerability: Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188). Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359). Mozilla: Use-after-free using focus() (CVE-2018-12360). Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156). Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362). Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363). Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364). Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365). Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366 https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/ https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/ https://access.redhat.com/errata/RHSA-2018:2113
Updated this on two 32-bit installs on different hardware, one Plasma, the other Xfce. Tried a few websites and bookmarks, all looks OK. OKing this for 32-bit, and validating...
Keywords: (none) => validated_updateWhiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OKCC: (none) => andrewsfarm, sysadmin-bugs
Just to confirm, I used the 64-bit version this morning on my laptop to read my newspaper, visit Facebook, and to write this comment. All looks good.
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0305.html
Status: NEW => RESOLVEDResolution: (none) => FIXED