This new version brings security fixes, so should be provided to users fastly. I have submit it to updates testing.
RPMS: firefox-60.2.2-1.mga6.{i586|x86_64}.rpm firefox-*-60.2.2-1.mga6.noarch.rpm firefox-60.2.2-1.mga6.srpm firefox-l10n-60.2.2-1.mga6.srpm
Suggested advisory : Firefox ESR 60.2.2 adresses two security fixes : CVE-2018-12386 and CVE-2018-12387.
Status: NEW => ASSIGNED
_way_ too little info in the advisory... A better one would be something like: Updated firefox packages fix security vulnerabilities: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered (CVE-2018-12386). A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process (CVE-2018-12386). References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
CC: (none) => tmb
Build succeeded, so it is ready to test.
Assignee: lists.jjorge => qa-bugsCC: (none) => lists.jjorge
RedHat has issued an advisory for this on October 8: https://access.redhat.com/errata/RHSA-2018:2884 Watch for the typo in tmb's advisory, one of the CVE's ends in a 7.
QA Contact: (none) => securityComponent: RPM Packages => Security
Tested in x86_64, no regressions found.
Whiteboard: (none) => MGA6-64-OK
Mageia 6, x86_64 Running fine here. Open tabs recovered. Ran Adobe flash video from APOD a few days back.
CC: (none) => tarazed25
Re comment #7 Having said that, th Acid tests did not do so well; 2 was almost correct but 3 showed two grey rectangles. http://acid3.acidtests.org/
On mga6-64 packages installed cleanly: - firefox-60.2.2-1.mga6.x86_64 - firefox-en_GB-60.2.2-1.mga6.noarch no regressions noted. Looks OK for mga6-64
CC: (none) => jim
on mga6-32 in a vbox VM packages installed cleanly - firefox-60.2.2-1.mga6.i586 - firefox-en_GB-60.2.2-1.mga6.noarch no regressions noted looks OK for mga6-32
In VirtualBox, M6, Mate, 32-bit Package(s) under test: firefox firefox-en_US firefox-en_GB default install of firefox firefox-en_US & firefox-en_GB [root@localhost wilcal]# urpmi firefox Package firefox-60.2.1-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi firefox-en_US Package firefox-en_US-60.2.1-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi firefox-en_GB Package firefox-en_GB-60.2.1-1.mga6.noarch is already installed Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com works fine. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok install firefox firefox-en_US & firefox-en_GB from updates_testing [root@localhost wilcal]# urpmi firefox Package firefox-60.2.2-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi firefox-en_US Package firefox-en_US-60.2.2-1.mga6.noarch is already installed [root@localhost wilcal]# urpmi firefox-en_GB Package firefox-en_GB-60.2.2-1.mga6.noarch is already installed Firefox works, many websites are accessible, YouTube & Vimeo videos play, common plugins are active. weather.com does work. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok
CC: (none) => wilcal.int
Whiteboard: MGA6-64-OK => MGA6-32-OK MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0396.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED