Firefox ESR 68.0 was released on July 8 or 9:
https://www.mozilla.org/en-US/firefox/68.0/releasenotes/

We need to update to it along with updating rootcerts and nss (already in SVN).
Blocks: (none) => 25102
Reference for NSS update: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.45_release_notes
Blocks: 25102 => (none)
Blocks: (none) => 25103
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Sandbox escape via installation of malicious language pack. (CVE-2019-9811)
Script injection within domain through inner window reuse. (CVE-2019-11711)
Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. (CVE-2019-11712)
Use-after-free with HTTP/2 cached stream. (CVE-2019-11713)
NeckoChild can trigger crash when accessed off of main thread. (CVE-2019-11714)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault. (CVE-2019-11729)
HTML parsing error can contribute to content XSS. (CVE-2019-11715)
globalThis not enumerable until accessed. (CVE-2019-11716)
Caret character improperly escaped in origins. (CVE-2019-11717)
Activity Stream writes unsanitized content to innerHTML. (CVE-2019-11718)
Out-of-bounds read when importing curve25519 private key. (CVE-2019-11719)
Character encoding XSS vulnerability. (CVE-2019-11720)
Domain spoofing through unicode latin 'kra' character. (CVE-2019-11721)
Same-origin policy treats all files in a directory as having the same-origin. (CVE-2019-11730)
Cookie leakage during add-on fetching across private browsing boundaries. (CVE-2019-11723)
Retired site input.mozilla.org has remote troubleshooting permissions. (CVE-2019-11724)
Websocket resources bypass safebrowsing protections. (CVE-2019-11725)
PKCS#1 v1.5 signatures can be used for TLS 1.3. (CVE-2019-11727)
Port scanning through Alt-Svc header. (CVE-2019-11728)
Memory safety bugs fixed in Firefox 68. (CVE-2019-11710)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8. (CVE-2019-11709)

References:
https://www.mozilla.org/en-US/firefox/68.0/releasenotes/
https://www.mozilla.org/en-US/firefox/68.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.45_release_notes
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11709
========================

Updated packages in core/updates_testing:
========================
firefox-68.0-1.1.mga7
firefox-devel-68.0-1.1.mga7
firefox-af-68.0-1.mga7
firefox-an-68.0-1.mga7
firefox-ar-68.0-1.mga7
firefox-ast-68.0-1.mga7
firefox-az-68.0-1.mga7
firefox-bg-68.0-1.mga7
firefox-bn-68.0-1.mga7
firefox-br-68.0-1.mga7
firefox-bs-68.0-1.mga7
firefox-ca-68.0-1.mga7
firefox-cs-68.0-1.mga7
firefox-cy-68.0-1.mga7
firefox-da-68.0-1.mga7
firefox-de-68.0-1.mga7
firefox-el-68.0-1.mga7
firefox-en_GB-68.0-1.mga7
firefox-en_US-68.0-1.mga7
firefox-eo-68.0-1.mga7
firefox-es_AR-68.0-1.mga7
firefox-es_CL-68.0-1.mga7
firefox-es_ES-68.0-1.mga7
firefox-es_MX-68.0-1.mga7
firefox-et-68.0-1.mga7
firefox-eu-68.0-1.mga7
firefox-fa-68.0-1.mga7
firefox-ff-68.0-1.mga7
firefox-fi-68.0-1.mga7
firefox-fr-68.0-1.mga7
firefox-fy_NL-68.0-1.mga7
firefox-ga_IE-68.0-1.mga7
firefox-gd-68.0-1.mga7
firefox-gl-68.0-1.mga7
firefox-gu_IN-68.0-1.mga7
firefox-he-68.0-1.mga7
firefox-hi_IN-68.0-1.mga7
firefox-hr-68.0-1.mga7
firefox-hsb-68.0-1.mga7
firefox-hu-68.0-1.mga7
firefox-hy_AM-68.0-1.mga7
firefox-id-68.0-1.mga7
firefox-is-68.0-1.mga7
firefox-it-68.0-1.mga7
firefox-ja-68.0-1.mga7
firefox-kk-68.0-1.mga7
firefox-km-68.0-1.mga7
firefox-kn-68.0-1.mga7
firefox-ko-68.0-1.mga7
firefox-lij-68.0-1.mga7
firefox-lt-68.0-1.mga7
firefox-lv-68.0-1.mga7
firefox-mk-68.0-1.mga7
firefox-mr-68.0-1.mga7
firefox-ms-68.0-1.mga7
firefox-nb_NO-68.0-1.mga7
firefox-nl-68.0-1.mga7
firefox-nn_NO-68.0-1.mga7
firefox-pa_IN-68.0-1.mga7
firefox-pl-68.0-1.mga7
firefox-pt_BR-68.0-1.mga7
firefox-pt_PT-68.0-1.mga7
firefox-ro-68.0-1.mga7
firefox-ru-68.0-1.mga7
firefox-si-68.0-1.mga7
firefox-sk-68.0-1.mga7
firefox-sl-68.0-1.mga7
firefox-sq-68.0-1.mga7
firefox-sr-68.0-1.mga7
firefox-sv_SE-68.0-1.mga7
firefox-ta-68.0-1.mga7
firefox-te-68.0-1.mga7
firefox-th-68.0-1.mga7
firefox-tr-68.0-1.mga7
firefox-uk-68.0-1.mga7
firefox-uz-68.0-1.mga7
firefox-vi-68.0-1.mga7
firefox-xh-68.0-1.mga7
firefox-zh_CN-68.0-1.mga7
firefox-zh_TW-68.0-1.mga7
nss-3.45.0-1.mga7
nss-doc-3.45.0-1.mga7
lib(64)nss3-3.45.0-1.mga7
lib(64)nss-devel-3.45.0-1.mga7
lib(64)nss-static-devel-3.45.0-1.mga7
rootcerts-20190604.00-1.mga7
rootcerts-java-20190604.00-1.mga7

from SRPMS:
firefox-68.0-1.1.mga7.src.rpm
firefox-l10n-68.0-1.mga7.src.rpm
nss-3.45.0-1.mga7.src.rpm
rootcerts-20190604.00-1.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugs
Blocks: (none) => 24409
Status: NEW => ASSIGNED
[root@x7s ~]# urpmq -i firefox-en_GB|grep ^Source
Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm Build Host: localhost
Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm
Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm
Source RPM : firefox-l10n-68.0-1.mga7.src.rpm Build Host: localhost
[root@x7s ~]# urpmq -i firefox-en_ZA|grep ^Source
Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm Build Host: localhost
Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm
Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm

Has en_ZA intentionally been dropped? While it shouldn't be installed by default on en_GB or en_US systems, it should be available for systems set up for South Africa.
CC: (none) => davidwhodgins
Tested mga7-64 general browsing and youtube video OK. Jetstream OK.

As a note, Icedteaweb no longer works for me on this version, plugin not in the list in firefox.
CC: (none) => wrw105
Whiteboard: (none) => mga7-64-ok
Removing mga7-64-ok tag, adding feedback keyword pending a fix for the regression in comment 3.
Keywords: (none) => feedback
Whiteboard: mga7-64-ok => (none)
Dave: Not sure this counts as a regression, as plugins have been deprecated in Firefox since 51....it was more an informational note.
Whiteboard: (none) => MGA7-64-OK
Keywords: feedback => (none)
(In reply to Dave Hodgins from comment #3)
> [root@x7s ~]# urpmq -i firefox-en_GB|grep ^Source
> Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm Build Host: localhost
> Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm
> Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm
> Source RPM : firefox-l10n-68.0-1.mga7.src.rpm Build Host: localhost
> [root@x7s ~]# urpmq -i firefox-en_ZA|grep ^Source
> Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm Build Host: localhost
> Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm
> Source RPM : firefox-l10n-67.0.4-1.mga7.src.rpm
>
> Has en_ZA intentionally been dropped? While it shouldn't be installed by
> default on en_GB or en_US systems, it should be available for systems set up
> for South Africa.

From https://www.mozilla.org/en-US/firefox/68.0/releasenotes/

"The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version."
on mga7-64 kernel-desktop plasma

packages installed cleanly:
- firefox-68.0-1.1.mga7.x86_64
- firefox-en_GB-68.0-1.mga7.noarch
- lib64nss3-3.45.0-1.mga7.x86_64
- nss-3.45.0-1.mga7.x86_64
- rootcerts-20190604.00-1.mga7.noarch
- rootcerts-java-20190604.00-1.mga7.noarch

no regressions observed

looks OK for mga7-64
CC: (none) => jim
mga7-32 tested.

General browsing, jetstream, youtube video all check out.

Validating. Ready for push when advisory uploaded to svn.
Whiteboard: MGA7-64-OK => MGA7-64-OK mga7-32-ok
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0213.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED