Mozilla has released new Firefox versions yesterday (June 20): https://www.mozilla.org/en-US/firefox/60.7.2/releasenotes/ https://www.mozilla.org/en-US/firefox/67.0.4/releasenotes/ It fixes a vulnerability that's being exploited in the wild: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
Source RPM: (none) => firefox, firefox-l10nCVE: (none) => CVE-2019-11708Priority: Normal => HighWhiteboard: (none) => MGA7TOO, MGA6TOO
Thierry: assigning to you for starters since you have comitted this before. If this is wrong, sorry; I suspect you will know where to push it. Unsure whether this falls foul of M7 version freeze.
CC: (none) => lewyssmithAssignee: bugsquad => thierry.vignaud
Cauldron package moved to release before final iso builds started
Whiteboard: MGA7TOO, MGA6TOO => (none)Version: Cauldron => 6CC: (none) => tmb
Suggested advisory: ======================== The updated packages fix a security vulnerability that's being exploited in the wild: sandbox escape using Prompt:Open. (CVE-2019-11708) References: https://www.mozilla.org/en-US/firefox/60.7.2/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11708 ======================== Updated packages in core/updates_testing: ======================== firefox-60.7.2-1.mga6 firefox-devel-60.7.2-1.mga6 firefox-af-60.7.2-1.mga6 firefox-an-60.7.2-1.mga6 firefox-ar-60.7.2-1.mga6 firefox-as-60.7.2-1.mga6 firefox-ast-60.7.2-1.mga6 firefox-az-60.7.2-1.mga6 firefox-bg-60.7.2-1.mga6 firefox-bn_IN-60.7.2-1.mga6 firefox-bn_BD-60.7.2-1.mga6 firefox-br-60.7.2-1.mga6 firefox-bs-60.7.2-1.mga6 firefox-ca-60.7.2-1.mga6 firefox-cs-60.7.2-1.mga6 firefox-cy-60.7.2-1.mga6 firefox-da-60.7.2-1.mga6 firefox-de-60.7.2-1.mga6 firefox-el-60.7.2-1.mga6 firefox-en_GB-60.7.2-1.mga6 firefox-en_US-60.7.2-1.mga6 firefox-en_ZA-60.7.2-1.mga6 firefox-eo-60.7.2-1.mga6 firefox-es_AR-60.7.2-1.mga6 firefox-es_CL-60.7.2-1.mga6 firefox-es_ES-60.7.2-1.mga6 firefox-es_MX-60.7.2-1.mga6 firefox-et-60.7.2-1.mga6 firefox-eu-60.7.2-1.mga6 firefox-fa-60.7.2-1.mga6 firefox-ff-60.7.2-1.mga6 firefox-fi-60.7.2-1.mga6 firefox-fr-60.7.2-1.mga6 firefox-fy_NL-60.7.2-1.mga6 firefox-ga_IE-60.7.2-1.mga6 firefox-gd-60.7.2-1.mga6 firefox-gl-60.7.2-1.mga6 firefox-gu_IN-60.7.2-1.mga6 firefox-he-60.7.2-1.mga6 firefox-hi_IN-60.7.2-1.mga6 firefox-hr-60.7.2-1.mga6 firefox-hsb-60.7.2-1.mga6 firefox-hu-60.7.2-1.mga6 firefox-hy_AM-60.7.2-1.mga6 firefox-id-60.7.2-1.mga6 firefox-is-60.7.2-1.mga6 firefox-it-60.7.2-1.mga6 firefox-ja-60.7.2-1.mga6 firefox-kk-60.7.2-1.mga6 firefox-km-60.7.2-1.mga6 firefox-kn-60.7.2-1.mga6 firefox-ko-60.7.2-1.mga6 firefox-lij-60.7.2-1.mga6 firefox-lt-60.7.2-1.mga6 firefox-lv-60.7.2-1.mga6 firefox-mai-60.7.2-1.mga6 firefox-mk-60.7.2-1.mga6 firefox-ml-60.7.2-1.mga6 firefox-mr-60.7.2-1.mga6 firefox-ms-60.7.2-1.mga6 firefox-nb_NO-60.7.2-1.mga6 firefox-nl-60.7.2-1.mga6 firefox-nn_NO-60.7.2-1.mga6 firefox-or-60.7.2-1.mga6 firefox-pa_IN-60.7.2-1.mga6 firefox-pl-60.7.2-1.mga6 firefox-pt_BR-60.7.2-1.mga6 firefox-pt_PT-60.7.2-1.mga6 firefox-ro-60.7.2-1.mga6 firefox-ru-60.7.2-1.mga6 firefox-si-60.7.2-1.mga6 firefox-sk-60.7.2-1.mga6 firefox-sl-60.7.2-1.mga6 firefox-sq-60.7.2-1.mga6 firefox-sr-60.7.2-1.mga6 firefox-sv_SE-60.7.2-1.mga6 firefox-ta-60.7.2-1.mga6 firefox-te-60.7.2-1.mga6 firefox-th-60.7.2-1.mga6 firefox-tr-60.7.2-1.mga6 firefox-uk-60.7.2-1.mga6 firefox-uz-60.7.2-1.mga6 firefox-vi-60.7.2-1.mga6 firefox-xh-60.7.2-1.mga6 firefox-zh_CN-60.7.2-1.mga6 firefox-zh_TW-60.7.2-1.mga6 from SRPMS: firefox-60.7.2-1.mga6.src.rpm firefox-l10n-60.7.2-1.mga6.src.rpm
Status: NEW => ASSIGNEDAssignee: thierry.vignaud => qa-bugs
mga6 64 bit, Plasma, swedish. Working OK a during a day use multiple sites, video, audio.
CC: (none) => fri
MGA6-32 MATE on IBM Thinkpad R50e Installed firefox-60.7.2 in Dutch. no issues Newspaper site with text, pictures and video all OK.
CC: (none) => herman.viaene
CC: lewyssmith => (none)
on mga6-64 plasma packages installed cleanly: - firefox-60.7.2-1.mga6.x86_64 - firefox-en_GB-60.7.2-1.mga6.noarch no regressions observed looks OK for mga6-64 on this system: Machine: Device: desktop System: Dell product: Precision Tower 3620 Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.12.0 CPU: Quad core Intel Core i7-6700 (-HT-MCP-) Graphics: Card: Intel HD Graphics 530
Whiteboard: (none) => MGA6-64-OKCC: (none) => jim
Validating. Suggested advisory in Comment 3. Since all the tests are for the Mga6 version, I'm wondering if the bug's title should be changed to remove the reference to the Mga7 version, but I leave that for others to decide.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0202.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED