Hi,

Firefox 60.8 has been released (July 9).

References:
https://www.mozilla.org/en-US/firefox/60.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/

Best regards,
Nico.
Source RPM: (none) => firefox, firefox-l10n
Also TODO for this, update rootcerts to 20190604 and nss to 3.36.8. I see Nicolas already built nss unfortunately, so it'll need to be rebuilt after rootcerts is built.
Does only nss need to be rebuilt after rootcerts is built, or does firefox need it too?
Only nss.
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Sandbox escape via installation of malicious language pack. (CVE-2019-9811)

Script injection within domain through inner window reuse. (CVE-2019-11711)

Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. (CVE-2019-11712)

Use-after-free with HTTP/2 cached stream. (CVE-2019-11713)

Empty or malformed p256-ECDH public keys may trigger a segmentation fault. (CVE-2019-11729)

HTML parsing error can contribute to content XSS. (CVE-2019-11715)

Caret character improperly escaped in origins. (CVE-2019-11717)

Out-of-bounds read when importing curve25519 private key. (CVE-2019-11719)

Same-origin policy treats all files in a directory as having the same-origin. (CVE-2019-11730)

Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8. (CVE-2019-11709)

References:
https://www.mozilla.org/en-US/firefox/60.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11709
========================

Updated packages in core/updates_testing:
========================
firefox-60.8.0-1.mga6
firefox-devel-60.8.0-1.mga6
firefox-af-60.8.0-1.mga6
firefox-an-60.8.0-1.mga6
firefox-ar-60.8.0-1.mga6
firefox-as-60.8.0-1.mga6
firefox-ast-60.8.0-1.mga6
firefox-az-60.8.0-1.mga6
firefox-bg-60.8.0-1.mga6
firefox-bn_IN-60.8.0-1.mga6
firefox-bn_BD-60.8.0-1.mga6
firefox-br-60.8.0-1.mga6
firefox-bs-60.8.0-1.mga6
firefox-ca-60.8.0-1.mga6
firefox-cs-60.8.0-1.mga6
firefox-cy-60.8.0-1.mga6
firefox-da-60.8.0-1.mga6
firefox-de-60.8.0-1.mga6
firefox-el-60.8.0-1.mga6
firefox-en_GB-60.8.0-1.mga6
firefox-en_US-60.8.0-1.mga6
firefox-en_ZA-60.8.0-1.mga6
firefox-eo-60.8.0-1.mga6
firefox-es_AR-60.8.0-1.mga6
firefox-es_CL-60.8.0-1.mga6
firefox-es_ES-60.8.0-1.mga6
firefox-es_MX-60.8.0-1.mga6
firefox-et-60.8.0-1.mga6
firefox-eu-60.8.0-1.mga6
firefox-fa-60.8.0-1.mga6
firefox-ff-60.8.0-1.mga6
firefox-fi-60.8.0-1.mga6
firefox-fr-60.8.0-1.mga6
firefox-fy_NL-60.8.0-1.mga6
firefox-ga_IE-60.8.0-1.mga6
firefox-gd-60.8.0-1.mga6
firefox-gl-60.8.0-1.mga6
firefox-gu_IN-60.8.0-1.mga6
firefox-he-60.8.0-1.mga6
firefox-hi_IN-60.8.0-1.mga6
firefox-hr-60.8.0-1.mga6
firefox-hsb-60.8.0-1.mga6
firefox-hu-60.8.0-1.mga6
firefox-hy_AM-60.8.0-1.mga6
firefox-id-60.8.0-1.mga6
firefox-is-60.8.0-1.mga6
firefox-it-60.8.0-1.mga6
firefox-ja-60.8.0-1.mga6
firefox-kk-60.8.0-1.mga6
firefox-km-60.8.0-1.mga6
firefox-kn-60.8.0-1.mga6
firefox-ko-60.8.0-1.mga6
firefox-lij-60.8.0-1.mga6
firefox-lt-60.8.0-1.mga6
firefox-lv-60.8.0-1.mga6
firefox-mai-60.8.0-1.mga6
firefox-mk-60.8.0-1.mga6
firefox-ml-60.8.0-1.mga6
firefox-mr-60.8.0-1.mga6
firefox-ms-60.8.0-1.mga6
firefox-nb_NO-60.8.0-1.mga6
firefox-nl-60.8.0-1.mga6
firefox-nn_NO-60.8.0-1.mga6
firefox-or-60.8.0-1.mga6
firefox-pa_IN-60.8.0-1.mga6
firefox-pl-60.8.0-1.mga6
firefox-pt_BR-60.8.0-1.mga6
firefox-pt_PT-60.8.0-1.mga6
firefox-ro-60.8.0-1.mga6
firefox-ru-60.8.0-1.mga6
firefox-si-60.8.0-1.mga6
firefox-sk-60.8.0-1.mga6
firefox-sl-60.8.0-1.mga6
firefox-sq-60.8.0-1.mga6
firefox-sr-60.8.0-1.mga6
firefox-sv_SE-60.8.0-1.mga6
firefox-ta-60.8.0-1.mga6
firefox-te-60.8.0-1.mga6
firefox-th-60.8.0-1.mga6
firefox-tr-60.8.0-1.mga6
firefox-uk-60.8.0-1.mga6
firefox-uz-60.8.0-1.mga6
firefox-vi-60.8.0-1.mga6
firefox-xh-60.8.0-1.mga6
firefox-zh_CN-60.8.0-1.mga6
firefox-zh_TW-60.8.0-1.mga6
nss-3.36.8-1.1.mga6
nss-doc-3.36.8-1.1.mga6
lib(64)nss3-3.36.8-1.1.mga6
lib(64)nss-devel-3.36.8-1.1.mga6
lib(64)nss-static-devel-3.36.8-1.1.mga6
rootcerts-20190604.00-1.mga6
rootcerts-java-20190604.00-1.mga6

from SRPMS:
firefox-60.8.0-1.mga6.src.rpm
firefox-l10n-60.8.0-1.mga6.src.rpm
nss-3.36.8-1.1.mga6.src.rpm
rootcerts-20190604.00-1.mga6.src.rpm
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Addition to the references: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.8_release_notes
Source RPM: firefox, firefox-l10n => rootcerts, nss, firefox, firefox-l10n
Depends on: (none) => 25105
The following 5 packages are going to be installed:

- firefox-60.8.0-1.mga6.i586
- firefox-en_GB-60.8.0-1.mga6.noarch
- firefox-en_US-60.8.0-1.mga6.noarch
- firefox-en_ZA-60.8.0-1.mga6.noarch
- libnss3-3.36.8-1.1.mga6.i586

$ firefox -v
Mozilla Firefox 60.8.0

The browser worked fine on multiple sites.

I ran it from the command line so noticed these. Not sure if the last is considered critical or not.

$ firefox
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
[Parent 30496, Gecko_IOThread] WARNING: pipe error (127): Connection reset by peer: file /home/iurt/rpmbuild/BUILD/firefox-60.8.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 342

###!!! [Parent][MessageChannel] Error: (msgtype=0x160080,name=PBrowser::Msg_Destroy) Closed channel: cannot send/recv

I think this is just from me closing the browser, so probably just doing a quick break from communication.
CC: (none) => brtians1
Brian, rootcerts should be installed too.
got it

The following 2 packages are going to be installed:

- rootcerts-20190604.00-1.mga6.noarch
- rootcerts-java-20190604.00-1.mga6.noarch

Firefox is functioning as expected.
(In reply to Brian Rockwell from comment #8)
> got it
>
> The following 2 packages are going to be installed:
>
> - rootcerts-20190604.00-1.mga6.noarch
> - rootcerts-java-20190604.00-1.mga6.noarch
>
>
> Firefox is functioning as expected.

[brian@localhost ~]$ firefox
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
alloc factor 0.900000 0.900000
[brian@localhost ~]$
on mga6-64 plasma

packages installed cleanly:
- firefox-60.8.0-1.mga6.x86_64
- firefox-en_GB-60.8.0-1.mga6.noarch
- lib64nss3-3.36.8-1.1.mga6.x86_64
- nss-3.36.8-1.1.mga6.x86_64
- rootcerts-20190604.00-1.mga6.noarch
- rootcerts-java-20190604.00-1.mga6.noarch

no regressions observed

looks OK for mga6-64 on this system:

Machine: Device: desktop System: Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 v: A00 UEFI [Legacy]: Dell v: 2.13.1
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
Graphics: Card: Intel HD Graphics 530
CC: (none) => jim
Blocks: (none) => 25103
Why is this bug marked as depending on bug#25105 - that is a later version?
Because the rootcerts update has to ship in mga7 first or at the same time.
(In reply to David Walser from comment #12)
> Because the rootcerts update has to ship in mga7 first or at the same time.

This applies to bug 25103 not that bug
Depends on: 25105 => (none)
Whiteboard: (none) => MGA6-64-OK
Depends on: (none) => 25105
Test OK mga6-64, plasma, hidpi screen, nvidia driver, i7 CPU. Hundreds of tabs, video with audio, many sites login incl banking.
CC: (none) => fri
Swedish, I forgot to mention
RedHat has issued an advisory for this on July 8: https://access.redhat.com/errata/RHSA-2019:1696
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0211.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED