23991 – Firefox 60.4

Bug 23991 - Firefox 60.4

Summary: Firefox 60.4

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA6-32-OK MGA6-64-OK
Keywords:	advisory, validated_update

Depends on:	23972
Blocks:
	Show dependency tree / graph

Reported:	2018-12-11 04:12 CET by David Walser
Modified:	2018-12-17 16:55 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	firefox
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-12-11 04:12:12 CET

Mozilla has released Firefox 60.4 today (December 10):
https://www.mozilla.org/en-US/firefox/60.4.0/releasenotes/

Information for this update isn't available yet.

Updated packages in core/updates_testing:
========================
firefox-60.4.0-1.mga6
firefox-devel-60.4.0-1.mga6
firefox-af-60.4.0-1.mga6
firefox-an-60.4.0-1.mga6
firefox-ar-60.4.0-1.mga6
firefox-as-60.4.0-1.mga6
firefox-ast-60.4.0-1.mga6
firefox-az-60.4.0-1.mga6
firefox-bg-60.4.0-1.mga6
firefox-bn_IN-60.4.0-1.mga6
firefox-bn_BD-60.4.0-1.mga6
firefox-br-60.4.0-1.mga6
firefox-bs-60.4.0-1.mga6
firefox-ca-60.4.0-1.mga6
firefox-cs-60.4.0-1.mga6
firefox-cy-60.4.0-1.mga6
firefox-da-60.4.0-1.mga6
firefox-de-60.4.0-1.mga6
firefox-el-60.4.0-1.mga6
firefox-en_GB-60.4.0-1.mga6
firefox-en_US-60.4.0-1.mga6
firefox-en_ZA-60.4.0-1.mga6
firefox-eo-60.4.0-1.mga6
firefox-es_AR-60.4.0-1.mga6 
firefox-es_CL-60.4.0-1.mga6 
firefox-es_ES-60.4.0-1.mga6 
firefox-es_MX-60.4.0-1.mga6 
firefox-et-60.4.0-1.mga6 
firefox-eu-60.4.0-1.mga6 
firefox-fa-60.4.0-1.mga6 
firefox-ff-60.4.0-1.mga6 
firefox-fi-60.4.0-1.mga6 
firefox-fr-60.4.0-1.mga6 
firefox-fy_NL-60.4.0-1.mga6 
firefox-ga_IE-60.4.0-1.mga6 
firefox-gd-60.4.0-1.mga6 
firefox-gl-60.4.0-1.mga6 
firefox-gu_IN-60.4.0-1.mga6 
firefox-he-60.4.0-1.mga6 
firefox-hi_IN-60.4.0-1.mga6
firefox-hr-60.4.0-1.mga6 
firefox-hsb-60.4.0-1.mga6 
firefox-hu-60.4.0-1.mga6 
firefox-hy_AM-60.4.0-1.mga6 
firefox-id-60.4.0-1.mga6 
firefox-is-60.4.0-1.mga6 
firefox-it-60.4.0-1.mga6 
firefox-ja-60.4.0-1.mga6 
firefox-kk-60.4.0-1.mga6 
firefox-km-60.4.0-1.mga6 
firefox-kn-60.4.0-1.mga6 
firefox-ko-60.4.0-1.mga6 
firefox-lij-60.4.0-1.mga6 
firefox-lt-60.4.0-1.mga6 
firefox-lv-60.4.0-1.mga6 
firefox-mai-60.4.0-1.mga6 
firefox-mk-60.4.0-1.mga6 
firefox-ml-60.4.0-1.mga6 
firefox-mr-60.4.0-1.mga6 
firefox-ms-60.4.0-1.mga6 
firefox-nb_NO-60.4.0-1.mga6 
firefox-nl-60.4.0-1.mga6 
firefox-nn_NO-60.4.0-1.mga6 
firefox-or-60.4.0-1.mga6 
firefox-pa_IN-60.4.0-1.mga6 
firefox-pl-60.4.0-1.mga6 
firefox-pt_BR-60.4.0-1.mga6 
firefox-pt_PT-60.4.0-1.mga6 
firefox-ro-60.4.0-1.mga6 
firefox-ru-60.4.0-1.mga6 
firefox-si-60.4.0-1.mga6 
firefox-sk-60.4.0-1.mga6 
firefox-sl-60.4.0-1.mga6 
firefox-sq-60.4.0-1.mga6 
firefox-sr-60.4.0-1.mga6 
firefox-sv_SE-60.4.0-1.mga6 
firefox-ta-60.4.0-1.mga6 
firefox-te-60.4.0-1.mga6 
firefox-th-60.4.0-1.mga6 
firefox-tr-60.4.0-1.mga6 
firefox-uk-60.4.0-1.mga6 
firefox-uz-60.4.0-1.mga6 
firefox-vi-60.4.0-1.mga6 
firefox-xh-60.4.0-1.mga6 
firefox-zh_CN-60.4.0-1.mga6 
firefox-zh_TW-60.4.0-1.mga6

from SRPMS:
firefox-60.4.0-1.mga6.src.rpm
firefox-l10n-60.4.0-1.mga6.src.rpm

David Walser 2018-12-11 04:12:22 CET

Depends on: (none) => 23972

Comment 1 Morgan Leijström 2018-12-11 09:26:48 CET

OK 64 bit, swedish, Plasma, Nvidia
Upon start it reloads all tabs the previous version had open, youtube and svtplay plays videos, etc, i see no regression, using it from now on in production.

CC: (none) => fri

Comment 2 James Kerr 2018-12-11 11:33:02 CET

on mga6-64 plasma

packages installed cleanly:
firefox-en_GB-60.4.0-1.mga6.noarch  
firefox-60.4.0-1.mga6.x86_64 

no regressions observed looks OK for mga6-64

CC: (none) => jim

Comment 3 Herman Viaene 2018-12-11 15:01:33 CET

MGA6-32 MATE (dutch) on IBM Thinkpad R50e
No installation issues, nl language package automatically drawn in.
Tested with my usual newspaper site with text, video , sound etc...
All is OK.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2018-12-11 17:20:58 CET

MGA6-64 Plasma on HP Probook 6550b.

Installed this, nss (bug 23972) and Thunderbird all at the same time, using QA Repo. US English language versions. No installation issues.

Tested with a newspaper site, Facebook, Youtube, and a weather radar site. All worked as expected, including a loop on the radar site that uses Flash.

OK here for 64-bit. Validating. Advisory in Description.

Keywords: (none) => validated_update
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 David Walser 2018-12-12 03:15:15 CET

Actually there's no advisory yet.  Validation is fine but don't push yet.

Comment 6 Thomas Andrews 2018-12-12 04:05:56 CET

(In reply to David Walser from comment #5)
> Actually there's no advisory yet.  Validation is fine but don't push yet.

Oops. Must remember to read these things closer.

Comment 7 David Walser 2018-12-12 15:33:04 CET

Nothing from RedHat yet, but upstream's advisory is posted.

Preliminary advisory for us:

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within
the ANGLE graphics library, used for WebGL content. This results in a
potentially exploitable crash (CVE-2018-17466).

A use-after-free vulnerability can occur after deleting a selection element
due to a weak reference to the select element in the options collection. This
results in a potentially exploitable crash (CVE-2018-18492).

A buffer overflow can occur in the Skia library during buffer offset
calculations with hardware accelerated canvas 2D actions due to the use of
32-bit calculations instead of 64-bit. This results in a potentially
exploitable crash (CVE-2018-18493).

A same-origin policy violation allowing the theft of cross-origin URL entries
when using the Javascript location property to cause a redirection to another
site using performance.getEntries(). This is a same-origin policy violation
and could allow for data theft (CVE-2018-19494).

A potential vulnerability leading to an integer overflow can occur during
buffer size calculations for images when a raw value is used instead of the
checked value. This leads to a possible out-of-bounds write (CVE-2018-18498).

Memory safety bugs present in Firefox ESR 60.3, some of which showed evidence
of memory corruption and we presume that with enough effort that some of these
could be exploited to run arbitrary code (CVE-2018-12405).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/

Comment 8 Lewis Smith 2018-12-15 21:27:04 CET

Advisoried from comments 0 and 7.

Keywords: (none) => advisory
CC: (none) => lewyssmith

Comment 9 Mageia Robot 2018-12-15 22:30:55 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0483.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 10 David Walser 2018-12-17 16:55:34 CET

RedHat has issued an advisory for this today (December 17):
https://access.redhat.com/errata/RHSA-2018:3833

Note You need to log in before you can comment on or make changes to this bug.