Mozilla has released new Firefox versions today (June 18): https://www.mozilla.org/en-US/firefox/60.7.1/releasenotes/ https://www.mozilla.org/en-US/firefox/67.0.3/releasenotes/ It fixes a vulnerability that's being exploited in the wild: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/
Whiteboard: (none) => MGA7TOO, MGA6TOO
CC: (none) => tmbPriority: Normal => High
Suggested advisory: ======================== The updated packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. (CVE-2019-11707) References: https://www.mozilla.org/en-US/firefox/60.7.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707 ======================== Updated packages in core/updates_testing: ======================== firefox-60.7.1-1.mga6 firefox-devel-60.7.1-1.mga6 firefox-af-60.7.1-1.mga6 firefox-an-60.7.1-1.mga6 firefox-ar-60.7.1-1.mga6 firefox-as-60.7.1-1.mga6 firefox-ast-60.7.1-1.mga6 firefox-az-60.7.1-1.mga6 firefox-bg-60.7.1-1.mga6 firefox-bn_IN-60.7.1-1.mga6 firefox-bn_BD-60.7.1-1.mga6 firefox-br-60.7.1-1.mga6 firefox-bs-60.7.1-1.mga6 firefox-ca-60.7.1-1.mga6 firefox-cs-60.7.1-1.mga6 firefox-cy-60.7.1-1.mga6 firefox-da-60.7.1-1.mga6 firefox-de-60.7.1-1.mga6 firefox-el-60.7.1-1.mga6 firefox-en_GB-60.7.1-1.mga6 firefox-en_US-60.7.1-1.mga6 firefox-en_ZA-60.7.1-1.mga6 firefox-eo-60.7.1-1.mga6 firefox-es_AR-60.7.1-1.mga6 firefox-es_CL-60.7.1-1.mga6 firefox-es_ES-60.7.1-1.mga6 firefox-es_MX-60.7.1-1.mga6 firefox-et-60.7.1-1.mga6 firefox-eu-60.7.1-1.mga6 firefox-fa-60.7.1-1.mga6 firefox-ff-60.7.1-1.mga6 firefox-fi-60.7.1-1.mga6 firefox-fr-60.7.1-1.mga6 firefox-fy_NL-60.7.1-1.mga6 firefox-ga_IE-60.7.1-1.mga6 firefox-gd-60.7.1-1.mga6 firefox-gl-60.7.1-1.mga6 firefox-gu_IN-60.7.1-1.mga6 firefox-he-60.7.1-1.mga6 firefox-hi_IN-60.7.1-1.mga6 firefox-hr-60.7.1-1.mga6 firefox-hsb-60.7.1-1.mga6 firefox-hu-60.7.1-1.mga6 firefox-hy_AM-60.7.1-1.mga6 firefox-id-60.7.1-1.mga6 firefox-is-60.7.1-1.mga6 firefox-it-60.7.1-1.mga6 firefox-ja-60.7.1-1.mga6 firefox-kk-60.7.1-1.mga6 firefox-km-60.7.1-1.mga6 firefox-kn-60.7.1-1.mga6 firefox-ko-60.7.1-1.mga6 firefox-lij-60.7.1-1.mga6 firefox-lt-60.7.1-1.mga6 firefox-lv-60.7.1-1.mga6 firefox-mai-60.7.1-1.mga6 firefox-mk-60.7.1-1.mga6 firefox-ml-60.7.1-1.mga6 firefox-mr-60.7.1-1.mga6 firefox-ms-60.7.1-1.mga6 firefox-nb_NO-60.7.1-1.mga6 firefox-nl-60.7.1-1.mga6 firefox-nn_NO-60.7.1-1.mga6 firefox-or-60.7.1-1.mga6 firefox-pa_IN-60.7.1-1.mga6 firefox-pl-60.7.1-1.mga6 firefox-pt_BR-60.7.1-1.mga6 firefox-pt_PT-60.7.1-1.mga6 firefox-ro-60.7.1-1.mga6 firefox-ru-60.7.1-1.mga6 firefox-si-60.7.1-1.mga6 firefox-sk-60.7.1-1.mga6 firefox-sl-60.7.1-1.mga6 firefox-sq-60.7.1-1.mga6 firefox-sr-60.7.1-1.mga6 firefox-sv_SE-60.7.1-1.mga6 firefox-ta-60.7.1-1.mga6 firefox-te-60.7.1-1.mga6 firefox-th-60.7.1-1.mga6 firefox-tr-60.7.1-1.mga6 firefox-uk-60.7.1-1.mga6 firefox-uz-60.7.1-1.mga6 firefox-vi-60.7.1-1.mga6 firefox-xh-60.7.1-1.mga6 firefox-zh_CN-60.7.1-1.mga6 firefox-zh_TW-60.7.1-1.mga6 from SRPMS: firefox-60.7.1-1.mga6.src.rpm firefox-l10n-60.7.1-1.mga6.src.rpm
Source RPM: firefox => firefox, firefox-l10nCVE: (none) => CVE-2019-11707Version: Cauldron => 6Assignee: thierry.vignaud => qa-bugsStatus: NEW => ASSIGNEDWhiteboard: MGA7TOO, MGA6TOO => (none)CC: (none) => nicolas.salguero
on mga6-64 plasma packages installed cleanly: - firefox-60.7.1-1.mga6.x86_64 - firefox-en_GB-60.7.1-1.mga6.noarch no regressions observed looks OK for mga6-64 on this system: Machine: Device: desktop System: Dell product: Precision Tower 3620 Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.12.0 CPU: Quad core Intel Core i7-6700 (-HT-MCP-) Graphics: Card: Intel HD Graphics 530
CC: (none) => jim
Whiteboard: (none) => MGA6-64-OK
On mga6-32 Plasma, using the server kernel Packages installed cleanly, no issues observed. HP Probook 6550b, i3, 8GB, Intel graphics, Intel wifi. Looks OK for 32-bit here.
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OKCC: (none) => andrewsfarm
Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0198.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED