Firefox ESR 68.0.2 was released on August 14: https://www.mozilla.org/en-US/firefox/68.0.1/releasenotes/ https://www.mozilla.org/en-US/firefox/68.0.2/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/
Whiteboard: (none) => MGA7TOOCVE: (none) => CVE-2019-11733Source RPM: (none) => firefox, firefox-l10n
rootcerts and nspr (4.22) updates to come with this (plus nss rebuild for rootcerts). https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0
Since Mageia 6 won't be getting a Firefox update, it'll have a different advisory for the rootcerts/nspr update. Package list (Mageia 6): rootcerts-20190820.00-1.mga6 rootcerts-java-20190820.00-1.mga6 libnspr4-4.22-1.mga6 libnspr-devel-4.22-1.mga6 nss-3.36.8-1.2.mga6 nss-doc-3.36.8-1.2.mga6 libnss3-3.36.8-1.2.mga6 libnss-devel-3.36.8-1.2.mga6 libnss-static-devel-3.36.8-1.2.mga6 from SRPMS: rootcerts-20190820.00-1.mga6.src.rpm nspr-4.22-1.mga6.src.rpm nss-3.36.8-1.2.mga6.src.rpm Package list (Mageia 7, not including firefox/firefox-l10n): rootcerts-20190820.00-1.mga7 rootcerts-java-20190820.00-1.mga7 libnspr4-4.22-1.mga7 libnspr-devel-4.22-1.mga7 nss-3.45.0-1.1.mga7 nss-doc-3.45.0-1.1.mga7 libnss3-3.45.0-1.1.mga7 libnss-devel-3.45.0-1.1.mga7 libnss-static-devel-3.45.0-1.1.mga7 from SRPMS: rootcerts-20190820.00-1.mga7.src.rpm nspr-4.22-1.mga7.src.rpm nss-3.45.0-1.1.mga7.src.rpm
Thank you DavidW for jumping on this. Assigning globally as there is no specific maintainer for Firefox; CC'ing Thierry (I hope the right one) who has often dealt with it in the past.
CC: (none) => thierry.vignaudAssignee: bugsquad => pkg-bugs
For Firefox itself, Nicolas is working on it.
Hi, Done for Mageia 7 (firefox, firefox-l10n). The main problem is for Cauldron where the build fails for i586 (same problem as several weeks ago: build killed apparently because of the timeout but the timeout is normally reached after 10 hours and the build is killed after a little more than an hour). Best regards, Nico.
Package list for Firefox itself (the rest of the list is in Comment 2): firefox-68.0.2-1.mga7 firefox-devel-68.0.2-1.mga7 firefox-af-68.0.2-1.mga7 firefox-an-68.0.2-1.mga7 firefox-ar-68.0.2-1.mga7 firefox-ast-68.0.2-1.mga7 firefox-az-68.0.2-1.mga7 firefox-bg-68.0.2-1.mga7 firefox-bn-68.0.2-1.mga7 firefox-br-68.0.2-1.mga7 firefox-bs-68.0.2-1.mga7 firefox-ca-68.0.2-1.mga7 firefox-cs-68.0.2-1.mga7 firefox-cy-68.0.2-1.mga7 firefox-da-68.0.2-1.mga7 firefox-de-68.0.2-1.mga7 firefox-el-68.0.2-1.mga7 firefox-en_GB-68.0.2-1.mga7 firefox-en_US-68.0.2-1.mga7 firefox-eo-68.0.2-1.mga7 firefox-es_AR-68.0.2-1.mga7 firefox-es_CL-68.0.2-1.mga7 firefox-es_ES-68.0.2-1.mga7 firefox-es_MX-68.0.2-1.mga7 firefox-et-68.0.2-1.mga7 firefox-eu-68.0.2-1.mga7 firefox-fa-68.0.2-1.mga7 firefox-ff-68.0.2-1.mga7 firefox-fi-68.0.2-1.mga7 firefox-fr-68.0.2-1.mga7 firefox-fy_NL-68.0.2-1.mga7 firefox-ga_IE-68.0.2-1.mga7 firefox-gd-68.0.2-1.mga7 firefox-gl-68.0.2-1.mga7 firefox-gu_IN-68.0.2-1.mga7 firefox-he-68.0.2-1.mga7 firefox-hi_IN-68.0.2-1.mga7 firefox-hr-68.0.2-1.mga7 firefox-hsb-68.0.2-1.mga7 firefox-hu-68.0.2-1.mga7 firefox-hy_AM-68.0.2-1.mga7 firefox-id-68.0.2-1.mga7 firefox-is-68.0.2-1.mga7 firefox-it-68.0.2-1.mga7 firefox-ja-68.0.2-1.mga7 firefox-kk-68.0.2-1.mga7 firefox-km-68.0.2-1.mga7 firefox-kn-68.0.2-1.mga7 firefox-ko-68.0.2-1.mga7 firefox-lij-68.0.2-1.mga7 firefox-lt-68.0.2-1.mga7 firefox-lv-68.0.2-1.mga7 firefox-mk-68.0.2-1.mga7 firefox-mr-68.0.2-1.mga7 firefox-ms-68.0.2-1.mga7 firefox-nb_NO-68.0.2-1.mga7 firefox-nl-68.0.2-1.mga7 firefox-nn_NO-68.0.2-1.mga7 firefox-pa_IN-68.0.2-1.mga7 firefox-pl-68.0.2-1.mga7 firefox-pt_BR-68.0.2-1.mga7 firefox-pt_PT-68.0.2-1.mga7 firefox-ro-68.0.2-1.mga7 firefox-ru-68.0.2-1.mga7 firefox-si-68.0.2-1.mga7 firefox-sk-68.0.2-1.mga7 firefox-sl-68.0.2-1.mga7 firefox-sq-68.0.2-1.mga7 firefox-sr-68.0.2-1.mga7 firefox-sv_SE-68.0.2-1.mga7 firefox-ta-68.0.2-1.mga7 firefox-te-68.0.2-1.mga7 firefox-th-68.0.2-1.mga7 firefox-tr-68.0.2-1.mga7 firefox-uk-68.0.2-1.mga7 firefox-uz-68.0.2-1.mga7 firefox-vi-68.0.2-1.mga7 firefox-xh-68.0.2-1.mga7 firefox-zh_CN-68.0.2-1.mga7 firefox-zh_TW-68.0.2-1.mga7 from SRPMS: firefox-68.0.2-1.mga7.src.rpm firefox-l10n-68.0.2-1.mga7.src.rpm
I'd say don't worry about Cauldron for now and we can go ahead and push these updates to QA.
For Mageia 6: Suggested advisory: ======================== The updated packages fix several bugs: For rootcerts: - Remove Swisscom Root CA 2 root certificate. - Remove Expired root certificates - Class 2 Primary, UTN-USERFirst-Client, Deutsche Telekom Root CA 2. For NSPR: - Added support for the ARC architecture. - Removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS. - Correctness and build fixes. References: https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0
Version: Cauldron => 7Whiteboard: MGA7TOO => MGA6TOOStatus: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsSource RPM: firefox, firefox-l10n => firefox, firefox-l10n, rootcerts, nspr, nss
For Mageia 7: Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Stored passwords in 'Saved Logins' can be copied without master password entry. (CVE-2019-11733) For rootcerts: - Remove Swisscom Root CA 2 root certificate. - Remove Expired root certificates - Class 2 Primary, UTN-USERFirst-Client, Deutsche Telekom Root CA 2. For NSPR: - Added support for the ARC architecture. - Removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS. - Correctness and build fixes. References: https://www.mozilla.org/en-US/firefox/68.0.1/releasenotes/ https://www.mozilla.org/en-US/firefox/68.0.2/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/ https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0
Summary: Firefox 68.0.2 => Firefox 68.0.2, NSPR 4.22 and rootcerts update
on mga7-64 kernel-desktop plasma packages installed cleanly: - firefox-68.0.2-1.mga7.x86_64 - firefox-en_GB-68.0.2-1.mga7.noarch - lib64nspr4-4.22-1.mga7.x86_64 - lib64nss3-3.45.0-1.1.mga7.x86_64 - nss-3.45.0-1.1.mga7.x86_64 - rootcerts-20190820.00-1.mga7.noarch - rootcerts-java-20190820.00-1.mga7.noarch no regressions observed looks OK for mga7-64
CC: (none) => jim
on mga7-32 kernel-desktop586 plasma in a vbox VM packages installed cleanly: - firefox-68.0.2-1.mga7.i586 - firefox-en_GB-68.0.2-1.mga7.noarch - firefox-en_US-68.0.2-1.mga7.noarch - libnspr4-4.22-1.mga7.i586 - libnss3-3.45.0-1.1.mga7.i586 - nss-3.45.0-1.1.mga7.i586 - rootcerts-20190820.00-1.mga7.noarch - rootcerts-java-20190820.00-1.mga7.noarch looks OK for mga7-32
on mga6-64 kernel-desktop plasma Sorry, the following package cannot be selected: - lib64nss3-3.36.8-1.2.mga6.x86_64 (due to unsatisfied lib64sqlite3_0[>= 3.28.0]) After installing the updates from bug 24750: - lib64sqlite3_0-3.28.0-1.mga6.x86_64 - sqlite3-tools-3.28.0-1.mga6.x86_64 packages installed cleanly: - lib64nspr4-4.22-1.mga6.x86_64 - lib64nss3-3.36.8-1.2.mga6.x86_64 - nss-3.36.8-1.2.mga6.x86_64 - rootcerts-20190820.00-1.mga6.noarch - rootcerts-java-20190820.00-1.mga6.noarch no regressions observed looks OK for mga6-64 on this system This update requires the sqlite update, bug 24750
Depends on: (none) => 24750
on mga6-32 in a vbox vm kernel-desktop plasma installed the following from bug 24750 - libsqlite3_0-3.28.0-1.mga6.i586 - sqlite3-tools-3.28.0-1.mga6.i586 packages installed cleanly: - libnspr4-4.22-1.mga6.i586 - libnss3-3.36.8-1.2.mga6.i586 - nss-3.36.8-1.2.mga6.i586 - rootcerts-20190820.00-1.mga6.noarch - rootcerts-java-20190820.00-1.mga6.noarch no regressions noted looks OK for mga6-32 This update requires the sqlite update, bug 24750
$ uname -a Linux localhost 4.14.137-desktop-1.mga6 #1 SMP Wed Aug 7 11:51:54 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux The following 8 packages are going to be installed: - lib64nspr-devel-4.22-1.mga6.x86_64 - lib64nspr4-4.22-1.mga6.x86_64 - lib64nss3-3.36.8-1.2.mga6.x86_64 - lib64sqlite3_0-3.28.0-1.mga6.x86_64 - nss-3.36.8-1.2.mga6.x86_64 - nss-doc-3.36.8-1.2.mga6.noarch - rootcerts-20190820.00-1.mga6.noarch - rootcerts-java-20190820.00-1.mga6.noarch I spent time visiting major sites with firefox. Seemed to be fine. These all installed properly as well. Seems good to me.
CC: (none) => brtians1
NSS 3.46 finally came out, updating Mageia 7 with this: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
We might as well update to Firefox 68.1 too: https://www.mozilla.org/en-US/firefox/68.1.0/releasenotes/
(In reply to David Walser from comment #15) > NSS 3.46 finally came out, updating Mageia 7 with this: > https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3. > 46_release_notes nss-3.46.0-1.mga7 nss-doc-3.46.0-1.mga7 libnss3-3.46.0-1.mga7 libnss-devel-3.46.0-1.mga7 libnss-static-devel-3.46.0-1.mga7 from nss-3.46.0-1.mga7.src.rpm
Additional references: For Firefox 68.1: https://www.mozilla.org/security/advisories/mfsa2019-26/ For Firefox 60.9: https://www.mozilla.org/en-US/firefox/60.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/
Summary: Firefox 68.0.2, NSPR 4.22 and rootcerts update => Firefox 68.1 and 60.9, NSPR 4.22 and rootcerts update
Severity: normal => criticalAssignee: qa-bugs => nicolas.salguero
*** Bug 25396 has been marked as a duplicate of this bug. ***
CC: (none) => josemlp
For Mageia 6: Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Use-after-free while manipulating video. (CVE-2019-11746) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) Sandbox escape through Firefox Sync. (CVE-2019-9812) Cross-origin access to unload event attributes. (CVE-2019-11743) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740 https://www.mozilla.org/en-US/firefox/60.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/ https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0 ======================== Updated packages in core/updates_testing: ======================== firefox-60.9.0-1.mga6 firefox-devel-60.9.0-1.mga6 firefox-af-60.9.0-1.mga6 firefox-an-60.9.0-1.mga6 firefox-ar-60.9.0-1.mga6 firefox-as-60.9.0-1.mga6 firefox-ast-60.9.0-1.mga6 firefox-az-60.9.0-1.mga6 firefox-bg-60.9.0-1.mga6 firefox-bn_IN-60.9.0-1.mga6 firefox-bn_BD-60.9.0-1.mga6 firefox-br-60.9.0-1.mga6 firefox-bs-60.9.0-1.mga6 firefox-ca-60.9.0-1.mga6 firefox-cs-60.9.0-1.mga6 firefox-cy-60.9.0-1.mga6 firefox-da-60.9.0-1.mga6 firefox-de-60.9.0-1.mga6 firefox-el-60.9.0-1.mga6 firefox-en_GB-60.9.0-1.mga6 firefox-en_US-60.9.0-1.mga6 firefox-en_ZA-60.9.0-1.mga6 firefox-eo-60.9.0-1.mga6 firefox-es_AR-60.9.0-1.mga6 firefox-es_CL-60.9.0-1.mga6 firefox-es_ES-60.9.0-1.mga6 firefox-es_MX-60.9.0-1.mga6 firefox-et-60.9.0-1.mga6 firefox-eu-60.9.0-1.mga6 firefox-fa-60.9.0-1.mga6 firefox-ff-60.9.0-1.mga6 firefox-fi-60.9.0-1.mga6 firefox-fr-60.9.0-1.mga6 firefox-fy_NL-60.9.0-1.mga6 firefox-ga_IE-60.9.0-1.mga6 firefox-gd-60.9.0-1.mga6 firefox-gl-60.9.0-1.mga6 firefox-gu_IN-60.9.0-1.mga6 firefox-he-60.9.0-1.mga6 firefox-hi_IN-60.9.0-1.mga6 firefox-hr-60.9.0-1.mga6 firefox-hsb-60.9.0-1.mga6 firefox-hu-60.9.0-1.mga6 firefox-hy_AM-60.9.0-1.mga6 firefox-id-60.9.0-1.mga6 firefox-is-60.9.0-1.mga6 firefox-it-60.9.0-1.mga6 firefox-ja-60.9.0-1.mga6 firefox-kk-60.9.0-1.mga6 firefox-km-60.9.0-1.mga6 firefox-kn-60.9.0-1.mga6 firefox-ko-60.9.0-1.mga6 firefox-lij-60.9.0-1.mga6 firefox-lt-60.9.0-1.mga6 firefox-lv-60.9.0-1.mga6 firefox-mai-60.9.0-1.mga6 firefox-mk-60.9.0-1.mga6 firefox-ml-60.9.0-1.mga6 firefox-mr-60.9.0-1.mga6 firefox-ms-60.9.0-1.mga6 firefox-nb_NO-60.9.0-1.mga6 firefox-nl-60.9.0-1.mga6 firefox-nn_NO-60.9.0-1.mga6 firefox-or-60.9.0-1.mga6 firefox-pa_IN-60.9.0-1.mga6 firefox-pl-60.9.0-1.mga6 firefox-pt_BR-60.9.0-1.mga6 firefox-pt_PT-60.9.0-1.mga6 firefox-ro-60.9.0-1.mga6 firefox-ru-60.9.0-1.mga6 firefox-si-60.9.0-1.mga6 firefox-sk-60.9.0-1.mga6 firefox-sl-60.9.0-1.mga6 firefox-sq-60.9.0-1.mga6 firefox-sr-60.9.0-1.mga6 firefox-sv_SE-60.9.0-1.mga6 firefox-ta-60.9.0-1.mga6 firefox-te-60.9.0-1.mga6 firefox-th-60.9.0-1.mga6 firefox-tr-60.9.0-1.mga6 firefox-uk-60.9.0-1.mga6 firefox-uz-60.9.0-1.mga6 firefox-vi-60.9.0-1.mga6 firefox-xh-60.9.0-1.mga6 firefox-zh_CN-60.9.0-1.mga6 firefox-zh_TW-60.9.0-1.mga6 rootcerts-20190820.00-1.mga6 rootcerts-java-20190820.00-1.mga6 libnspr4-4.22-1.mga6 libnspr-devel-4.22-1.mga6 nss-3.36.8-1.2.mga6 nss-doc-3.36.8-1.2.mga6 libnss3-3.36.8-1.2.mga6 libnss-devel-3.36.8-1.2.mga6 libnss-static-devel-3.36.8-1.2.mga6 from SRPMS: firefox-60.9.0-1.mga6.src.rpm firefox-l10n-60.9.0-1.mga6.src.rpm rootcerts-20190820.00-1.mga6.src.rpm nspr-4.22-1.mga6.src.rpm nss-3.36.8-1.2.mga6.src.rpm
Don't forget to push firefox-l10n for Mageia 7. It should be ready in SVN.
mga6 64 bit Firefox with swedish working nicely on Plasma, Nvidia driver. Tabs restored after update, tested sites i often use, video with sound OK.
CC: (none) => fri
RedHat has issued an advisory for this today (September 4): https://access.redhat.com/errata/RHSA-2019:2663
For Mageia 7: Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Stored passwords in 'Saved Logins' can be copied without master password entry. (CVE-2019-11733) Malicious code execution through command line parameters. (CVE-2019-11751) Use-after-free while manipulating video. (CVE-2019-11746) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) File manipulation and privilege escalation in Mozilla Maintenance Service. (CVE-2019-11736) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) Sandbox escape through Firefox Sync. (CVE-2019-9812) Cross-origin access to unload event attributes. (CVE-2019-11743) Persistence of WebRTC permissions in a third party context. (CVE-2019-11748) Camera information available without prompting using getUserMedia. (CVE-2019-11749) Type confusion in Spidermonkey. (CVE-2019-11750) Content security policy bypass through hash-based sources in directives. (CVE-2019-11738) 'Forget about this site' removes sites from pre-loaded HSTS list. (CVE-2019-11747) Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. (CVE-2019-11735) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11751 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11748 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11749 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11750 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11747 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11735 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740 https://www.mozilla.org/en-US/firefox/68.0.1/releasenotes/ https://www.mozilla.org/en-US/firefox/68.0.2/releasenotes/ https://www.mozilla.org/en-US/firefox/68.1.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/ https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0 https://access.redhat.com/errata/RHSA-2019:2663 ======================== Updated packages in core/updates_testing: ======================== firefox-68.1.0-1.mga7 firefox-devel-68.1.0-1.mga7 firefox-af-68.1.0-1.mga7 firefox-an-68.1.0-1.mga7 firefox-ar-68.1.0-1.mga7 firefox-ast-68.1.0-1.mga7 firefox-az-68.1.0-1.mga7 firefox-bg-68.1.0-1.mga7 firefox-bn-68.1.0-1.mga7 firefox-br-68.1.0-1.mga7 firefox-bs-68.1.0-1.mga7 firefox-ca-68.1.0-1.mga7 firefox-cs-68.1.0-1.mga7 firefox-cy-68.1.0-1.mga7 firefox-da-68.1.0-1.mga7 firefox-de-68.1.0-1.mga7 firefox-el-68.1.0-1.mga7 firefox-en_GB-68.1.0-1.mga7 firefox-en_US-68.1.0-1.mga7 firefox-eo-68.1.0-1.mga7 firefox-es_AR-68.1.0-1.mga7 firefox-es_CL-68.1.0-1.mga7 firefox-es_ES-68.1.0-1.mga7 firefox-es_MX-68.1.0-1.mga7 firefox-et-68.1.0-1.mga7 firefox-eu-68.1.0-1.mga7 firefox-fa-68.1.0-1.mga7 firefox-ff-68.1.0-1.mga7 firefox-fi-68.1.0-1.mga7 firefox-fr-68.1.0-1.mga7 firefox-fy_NL-68.1.0-1.mga7 firefox-ga_IE-68.1.0-1.mga7 firefox-gd-68.1.0-1.mga7 firefox-gl-68.1.0-1.mga7 firefox-gu_IN-68.1.0-1.mga7 firefox-he-68.1.0-1.mga7 firefox-hi_IN-68.1.0-1.mga7 firefox-hr-68.1.0-1.mga7 firefox-hsb-68.1.0-1.mga7 firefox-hu-68.1.0-1.mga7 firefox-hy_AM-68.1.0-1.mga7 firefox-id-68.1.0-1.mga7 firefox-is-68.1.0-1.mga7 firefox-it-68.1.0-1.mga7 firefox-ja-68.1.0-1.mga7 firefox-kk-68.1.0-1.mga7 firefox-km-68.1.0-1.mga7 firefox-kn-68.1.0-1.mga7 firefox-ko-68.1.0-1.mga7 firefox-lij-68.1.0-1.mga7 firefox-lt-68.1.0-1.mga7 firefox-lv-68.1.0-1.mga7 firefox-mk-68.1.0-1.mga7 firefox-mr-68.1.0-1.mga7 firefox-ms-68.1.0-1.mga7 firefox-nb_NO-68.1.0-1.mga7 firefox-nl-68.1.0-1.mga7 firefox-nn_NO-68.1.0-1.mga7 firefox-pa_IN-68.1.0-1.mga7 firefox-pl-68.1.0-1.mga7 firefox-pt_BR-68.1.0-1.mga7 firefox-pt_PT-68.1.0-1.mga7 firefox-ro-68.1.0-1.mga7 firefox-ru-68.1.0-1.mga7 firefox-si-68.1.0-1.mga7 firefox-sk-68.1.0-1.mga7 firefox-sl-68.1.0-1.mga7 firefox-sq-68.1.0-1.mga7 firefox-sr-68.1.0-1.mga7 firefox-sv_SE-68.1.0-1.mga7 firefox-ta-68.1.0-1.mga7 firefox-te-68.1.0-1.mga7 firefox-th-68.1.0-1.mga7 firefox-tr-68.1.0-1.mga7 firefox-uk-68.1.0-1.mga7 firefox-uz-68.1.0-1.mga7 firefox-vi-68.1.0-1.mga7 firefox-xh-68.1.0-1.mga7 firefox-zh_CN-68.1.0-1.mga7 firefox-zh_TW-68.1.0-1.mga7 rootcerts-20190820.00-1.mga7 rootcerts-java-20190820.00-1.mga7 libnspr4-4.22-1.mga7 libnspr-devel-4.22-1.mga7 nss-3.46.0-1.mga7 nss-doc-3.46.0-1.mga7 libnss3-3.46.0-1.mga7 libnss-devel-3.46.0-1.mga7 libnss-static-devel-3.46.0-1.mga7 from SRPMS: firefox-68.1.0-1.mga7.src.rpm firefox-l10n-68.1.0-1.mga7.src.rpm rootcerts-20190820.00-1.mga7.src.rpm nspr-4.22-1.mga7.src.rpm nss-3.46.0-1.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugsCVE: CVE-2019-11733 => (none)
Blocks: (none) => 25396
MGA6-64 Plasma on Lenovo B50 Noticed while selecting packages that the lib64nspr and lib64nss3 had updates, ut not the 32-bit libnspr and libnss3. Firefox works OK on usual newspaper site with text, photos and video. I think the 64-bit is OK, but waiting to see if the 32-bit needs further mending.
CC: (none) => herman.viaene
64bit - plasma - firefox-en_GB-68.1.0-1.mga7.noarch - firefox-en_US-68.1.0-1.mga7.noarch - lib64nspr4-4.22-1.mga7.x86_64 - lib64nss3-3.46.0-1.mga7.x86_64 Ran it about an hour straight with videos, and major emails sites. Seems to be working
Tested mga7-64 general browsing, jetstream for javascript, videos, all OK
Whiteboard: MGA6TOO => MGA6TOO, mga-7-64-okCC: (none) => wrw105
Tested mga7-32 in a virtualbox guest machine, as in comment 27, all OK
Whiteboard: MGA6TOO, mga-7-64-ok => MGA6TOO, mga-7-64-ok mga7-32-ok
CC: (none) => andrewsfarmWhiteboard: MGA6TOO, mga-7-64-ok mga7-32-ok => MGA6TOO, MGA7-64-OK MGA7-32-OK
Looks good here in MGA7 Plasma. Will try Mga6 later.
Tested mga6-32 as above, Starting ff shows a page showing it's out of date, but I'm not sure there's anything we can do about that. Everything working as expected.
Whiteboard: MGA6TOO, MGA7-64-OK MGA7-32-OK => MGA6TOO, MGA7-64-OK MGA7-32-OK mga6-32-ok
Good for 64-bits in Mageia 6 Plasma on my Probook 6550b. Validating. Advisories in Comment 8 and Comment 9.
Whiteboard: MGA6TOO, MGA7-64-OK MGA7-32-OK mga6-32-ok => MGA6TOO, MGA7-64-OK MGA7-32-OK mga6-32-ok MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
RedHat has issued an advisory for Firefox 60.9 today (September 11): https://access.redhat.com/errata/RHSA-2019:2729
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0267.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0268.html
NSS 3.46 update in this bug also fixed CVE-2019-17006: https://usn.ubuntu.com/4231-1/