Mozilla has released Firefox 60.5.1 today (February 14): https://www.mozilla.org/en-US/firefox/60.5.1/releasenotes/ The security issues fixed are listed here: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Package builds are starting. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785 https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ Updated packages in core/updates_testing: ======================== firefox-60.5.1-1.mga6 firefox-devel-60.5.1-1.mga6 firefox-af-60.5.1-1.mga6 firefox-an-60.5.1-1.mga6 firefox-ar-60.5.1-1.mga6 firefox-as-60.5.1-1.mga6 firefox-ast-60.5.1-1.mga6 firefox-az-60.5.1-1.mga6 firefox-bg-60.5.1-1.mga6 firefox-bn_IN-60.5.1-1.mga6 firefox-bn_BD-60.5.1-1.mga6 firefox-br-60.5.1-1.mga6 firefox-bs-60.5.1-1.mga6 firefox-ca-60.5.1-1.mga6 firefox-cs-60.5.1-1.mga6 firefox-cy-60.5.1-1.mga6 firefox-da-60.5.1-1.mga6 firefox-de-60.5.1-1.mga6 firefox-el-60.5.1-1.mga6 firefox-en_GB-60.5.1-1.mga6 firefox-en_US-60.5.1-1.mga6 firefox-en_ZA-60.5.1-1.mga6 firefox-eo-60.5.1-1.mga6 firefox-es_AR-60.5.1-1.mga6 firefox-es_CL-60.5.1-1.mga6 firefox-es_ES-60.5.1-1.mga6 firefox-es_MX-60.5.1-1.mga6 firefox-et-60.5.1-1.mga6 firefox-eu-60.5.1-1.mga6 firefox-fa-60.5.1-1.mga6 firefox-ff-60.5.1-1.mga6 firefox-fi-60.5.1-1.mga6 firefox-fr-60.5.1-1.mga6 firefox-fy_NL-60.5.1-1.mga6 firefox-ga_IE-60.5.1-1.mga6 firefox-gd-60.5.1-1.mga6 firefox-gl-60.5.1-1.mga6 firefox-gu_IN-60.5.1-1.mga6 firefox-he-60.5.1-1.mga6 firefox-hi_IN-60.5.1-1.mga6 firefox-hr-60.5.1-1.mga6 firefox-hsb-60.5.1-1.mga6 firefox-hu-60.5.1-1.mga6 firefox-hy_AM-60.5.1-1.mga6 firefox-id-60.5.1-1.mga6 firefox-is-60.5.1-1.mga6 firefox-it-60.5.1-1.mga6 firefox-ja-60.5.1-1.mga6 firefox-kk-60.5.1-1.mga6 firefox-km-60.5.1-1.mga6 firefox-kn-60.5.1-1.mga6 firefox-ko-60.5.1-1.mga6 firefox-lij-60.5.1-1.mga6 firefox-lt-60.5.1-1.mga6 firefox-lv-60.5.1-1.mga6 firefox-mai-60.5.1-1.mga6 firefox-mk-60.5.1-1.mga6 firefox-ml-60.5.1-1.mga6 firefox-mr-60.5.1-1.mga6 firefox-ms-60.5.1-1.mga6 firefox-nb_NO-60.5.1-1.mga6 firefox-nl-60.5.1-1.mga6 firefox-nn_NO-60.5.1-1.mga6 firefox-or-60.5.1-1.mga6 firefox-pa_IN-60.5.1-1.mga6 firefox-pl-60.5.1-1.mga6 firefox-pt_BR-60.5.1-1.mga6 firefox-pt_PT-60.5.1-1.mga6 firefox-ro-60.5.1-1.mga6 firefox-ru-60.5.1-1.mga6 firefox-si-60.5.1-1.mga6 firefox-sk-60.5.1-1.mga6 firefox-sl-60.5.1-1.mga6 firefox-sq-60.5.1-1.mga6 firefox-sr-60.5.1-1.mga6 firefox-sv_SE-60.5.1-1.mga6 firefox-ta-60.5.1-1.mga6 firefox-te-60.5.1-1.mga6 firefox-th-60.5.1-1.mga6 firefox-tr-60.5.1-1.mga6 firefox-uk-60.5.1-1.mga6 firefox-uz-60.5.1-1.mga6 firefox-vi-60.5.1-1.mga6 firefox-xh-60.5.1-1.mga6 firefox-zh_CN-60.5.1-1.mga6 firefox-zh_TW-60.5.1-1.mga6 from SRPMS: firefox-60.5.1-1.mga6.src.rpm firefox-l10n-60.5.1-1.mga6.src.rpm
MGA6-32 MATE on IBM Thinkpad R50e No installation issues (Dutch version) This website works OK with it, as does my usual newspaper with text,sound, pictures and Video. OK for me.
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
Tested mga6-64. Acid 3 ok-ish, but no different than usual. Jetstream ok General browsing ok YouTube video ok Validating, ready for push when advisory uploaded to SVN.
Keywords: (none) => validated_updateWhiteboard: MGA6-32-OK => MGA6-32-OK, mga6-64-okCC: (none) => wrw105, sysadmin-bugs
Advisory: ======================== Updated firefox packages fix security vulnerabilities: A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash (CVE-2018-18356). An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash (CVE-2019-5785). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785 https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0089.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
RedHat has issued an advisory for this today (February 19): https://access.redhat.com/errata/RHSA-2019:0374