Mozilla has released Firefox 60.4 today (December 10):
https://www.mozilla.org/en-US/firefox/60.4.0/releasenotes/

Information for this update isn't available yet.

Updated packages in core/updates_testing:
========================
firefox-60.4.0-1.mga6
firefox-devel-60.4.0-1.mga6
firefox-af-60.4.0-1.mga6
firefox-an-60.4.0-1.mga6
firefox-ar-60.4.0-1.mga6
firefox-as-60.4.0-1.mga6
firefox-ast-60.4.0-1.mga6
firefox-az-60.4.0-1.mga6
firefox-bg-60.4.0-1.mga6
firefox-bn_IN-60.4.0-1.mga6
firefox-bn_BD-60.4.0-1.mga6
firefox-br-60.4.0-1.mga6
firefox-bs-60.4.0-1.mga6
firefox-ca-60.4.0-1.mga6
firefox-cs-60.4.0-1.mga6
firefox-cy-60.4.0-1.mga6
firefox-da-60.4.0-1.mga6
firefox-de-60.4.0-1.mga6
firefox-el-60.4.0-1.mga6
firefox-en_GB-60.4.0-1.mga6
firefox-en_US-60.4.0-1.mga6
firefox-en_ZA-60.4.0-1.mga6
firefox-eo-60.4.0-1.mga6
firefox-es_AR-60.4.0-1.mga6
firefox-es_CL-60.4.0-1.mga6
firefox-es_ES-60.4.0-1.mga6
firefox-es_MX-60.4.0-1.mga6
firefox-et-60.4.0-1.mga6
firefox-eu-60.4.0-1.mga6
firefox-fa-60.4.0-1.mga6
firefox-ff-60.4.0-1.mga6
firefox-fi-60.4.0-1.mga6
firefox-fr-60.4.0-1.mga6
firefox-fy_NL-60.4.0-1.mga6
firefox-ga_IE-60.4.0-1.mga6
firefox-gd-60.4.0-1.mga6
firefox-gl-60.4.0-1.mga6
firefox-gu_IN-60.4.0-1.mga6
firefox-he-60.4.0-1.mga6
firefox-hi_IN-60.4.0-1.mga6
firefox-hr-60.4.0-1.mga6
firefox-hsb-60.4.0-1.mga6
firefox-hu-60.4.0-1.mga6
firefox-hy_AM-60.4.0-1.mga6
firefox-id-60.4.0-1.mga6
firefox-is-60.4.0-1.mga6
firefox-it-60.4.0-1.mga6
firefox-ja-60.4.0-1.mga6
firefox-kk-60.4.0-1.mga6
firefox-km-60.4.0-1.mga6
firefox-kn-60.4.0-1.mga6
firefox-ko-60.4.0-1.mga6
firefox-lij-60.4.0-1.mga6
firefox-lt-60.4.0-1.mga6
firefox-lv-60.4.0-1.mga6
firefox-mai-60.4.0-1.mga6
firefox-mk-60.4.0-1.mga6
firefox-ml-60.4.0-1.mga6
firefox-mr-60.4.0-1.mga6
firefox-ms-60.4.0-1.mga6
firefox-nb_NO-60.4.0-1.mga6
firefox-nl-60.4.0-1.mga6
firefox-nn_NO-60.4.0-1.mga6
firefox-or-60.4.0-1.mga6
firefox-pa_IN-60.4.0-1.mga6
firefox-pl-60.4.0-1.mga6
firefox-pt_BR-60.4.0-1.mga6
firefox-pt_PT-60.4.0-1.mga6
firefox-ro-60.4.0-1.mga6
firefox-ru-60.4.0-1.mga6
firefox-si-60.4.0-1.mga6
firefox-sk-60.4.0-1.mga6
firefox-sl-60.4.0-1.mga6
firefox-sq-60.4.0-1.mga6
firefox-sr-60.4.0-1.mga6
firefox-sv_SE-60.4.0-1.mga6
firefox-ta-60.4.0-1.mga6
firefox-te-60.4.0-1.mga6
firefox-th-60.4.0-1.mga6
firefox-tr-60.4.0-1.mga6
firefox-uk-60.4.0-1.mga6
firefox-uz-60.4.0-1.mga6
firefox-vi-60.4.0-1.mga6
firefox-xh-60.4.0-1.mga6
firefox-zh_CN-60.4.0-1.mga6
firefox-zh_TW-60.4.0-1.mga6

from SRPMS:
firefox-60.4.0-1.mga6.src.rpm
firefox-l10n-60.4.0-1.mga6.src.rpm
Depends on: (none) => 23972
OK 64 bit, Swedish, Plasma, Nvidia

Upon start it reloads all tabs the previous version had open, YouTube and svtplay play videos, etc. I see no regression, using it from now on in production.
CC: (none) => fri
on mga6-64 plasma

packages installed cleanly:
firefox-en_GB-60.4.0-1.mga6.noarch
firefox-60.4.0-1.mga6.x86_64

no regressions observed

looks OK for mga6-64
CC: (none) => jim
MGA6-32 MATE (Dutch) on IBM Thinkpad R50e
No installation issues, nl language package automatically drawn in.
Tested with my usual newspaper site with text, video, sound etc. All is OK.
Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
MGA6-64 Plasma on HP Probook 6550b. Installed this, nss (bug 23972) and Thunderbird all at the same time, using QA Repo. US English language versions. No installation issues. Tested with a newspaper site, Facebook, Youtube, and a weather radar site. All worked as expected, including a loop on the radar site that uses Flash. OK here for 64-bit. Validating. Advisory in Description.
Keywords: (none) => validated_update
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Actually there's no advisory yet. Validation is fine but don't push yet.
(In reply to David Walser from comment #5)
> Actually there's no advisory yet. Validation is fine but don't push yet.

Oops. Must remember to read these things closer.
Nothing from RedHat yet, but upstream's advisory is posted.

Preliminary advisory for us:

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash (CVE-2018-17466).

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash (CVE-2018-18492).

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash (CVE-2018-18493).

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft (CVE-2018-19494).

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write (CVE-2018-18498).

Memory safety bugs present in Firefox ESR 60.3, some of which showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code (CVE-2018-12405).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
Advisoried from comments 0 and 7.
Keywords: (none) => advisory
CC: (none) => lewyssmith
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0483.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
RedHat has issued an advisory for this today (December 17):
https://access.redhat.com/errata/RHSA-2018:3833