Mozilla has released Firefox 68.3.0 today (December 3): https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ As well as updated nspr (4.24).
Whiteboard: (none) => MGA7TOO
Source RPM: (none) => firefox, firefox-l10n, nspr
Since it's already built, go ahead and include the nspr update with this update. If Bugzilla was working from here on Monday evening, I was going to say that it is not needed, because it has no changes except for the version number and will only be required by nss 3.48, which isn't out yet, so we wouldn't really need it until the next Firefox update, but now is fine too.
Whiteboard: MGA7TOO => (none)Summary: Firefox 68.3, NSPR 4.24 => Firefox 68.3Version: Cauldron => 7
Depends on: (none) => 25792
I can't install firefox 68.3. No appear it in the testing repositories, only appear language packages.
CC: (none) => joselp
Blocks: (none) => 25821
Blocks: 25821 => (none)
Suggested advisory: ======================== Use-after-free in worker destruction. (CVE-2019-17008) Stack corruption due to incorrect number of arguments in WebRTC code. (CVE-2019-13722) Updater temporary files accessible to unprivileged processes. (CVE-2019-17009) Use-after-free when performing device orientation checks. (CVE-2019-17010) Buffer overflow in plain text serializer. (CVE-2019-17005) Use-after-free when retrieving a document in antitracking. (CVE-2019-17011) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3. (CVE-2019-17012) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ ======================== Updated packages in core/updates_testing: ======================== firefox-68.3.0-1.mga7 firefox-devel-68.3.0-1.mga7 firefox-af-68.3.0-1.mga7 firefox-an-68.3.0-1.mga7 firefox-ar-68.3.0-1.mga7 firefox-ast-68.3.0-1.mga7 firefox-az-68.3.0-1.mga7 firefox-bg-68.3.0-1.mga7 firefox-bn-68.3.0-1.mga7 firefox-br-68.3.0-1.mga7 firefox-bs-68.3.0-1.mga7 firefox-ca-68.3.0-1.mga7 firefox-cs-68.3.0-1.mga7 firefox-cy-68.3.0-1.mga7 firefox-da-68.3.0-1.mga7 firefox-de-68.3.0-1.mga7 firefox-el-68.3.0-1.mga7 firefox-en_GB-68.3.0-1.mga7 firefox-en_US-68.3.0-1.mga7 firefox-eo-68.3.0-1.mga7 firefox-es_AR-68.3.0-1.mga7 firefox-es_CL-68.3.0-1.mga7 firefox-es_ES-68.3.0-1.mga7 firefox-es_MX-68.3.0-1.mga7 firefox-et-68.3.0-1.mga7 firefox-eu-68.3.0-1.mga7 firefox-fa-68.3.0-1.mga7 firefox-ff-68.3.0-1.mga7 firefox-fi-68.3.0-1.mga7 firefox-fr-68.3.0-1.mga7 firefox-fy_NL-68.3.0-1.mga7 firefox-ga_IE-68.3.0-1.mga7 firefox-gd-68.3.0-1.mga7 firefox-gl-68.3.0-1.mga7 firefox-gu_IN-68.3.0-1.mga7 firefox-he-68.3.0-1.mga7 firefox-hi_IN-68.3.0-1.mga7 firefox-hr-68.3.0-1.mga7 firefox-hsb-68.3.0-1.mga7 firefox-hu-68.3.0-1.mga7 firefox-hy_AM-68.3.0-1.mga7 firefox-id-68.3.0-1.mga7 firefox-is-68.3.0-1.mga7 firefox-it-68.3.0-1.mga7 firefox-ja-68.3.0-1.mga7 firefox-kk-68.3.0-1.mga7 firefox-km-68.3.0-1.mga7 firefox-kn-68.3.0-1.mga7 firefox-ko-68.3.0-1.mga7 firefox-lij-68.3.0-1.mga7 firefox-lt-68.3.0-1.mga7 firefox-lv-68.3.0-1.mga7 firefox-mk-68.3.0-1.mga7 firefox-mr-68.3.0-1.mga7 firefox-ms-68.3.0-1.mga7 firefox-nb_NO-68.3.0-1.mga7 firefox-nl-68.3.0-1.mga7 firefox-nn_NO-68.3.0-1.mga7 firefox-pa_IN-68.3.0-1.mga7 firefox-pl-68.3.0-1.mga7 firefox-pt_BR-68.3.0-1.mga7 firefox-pt_PT-68.3.0-1.mga7 firefox-ro-68.3.0-1.mga7 firefox-ru-68.3.0-1.mga7 firefox-si-68.3.0-1.mga7 firefox-sk-68.3.0-1.mga7 firefox-sl-68.3.0-1.mga7 firefox-sq-68.3.0-1.mga7 firefox-sr-68.3.0-1.mga7 firefox-sv_SE-68.3.0-1.mga7 firefox-ta-68.3.0-1.mga7 firefox-te-68.3.0-1.mga7 firefox-th-68.3.0-1.mga7 firefox-tr-68.3.0-1.mga7 firefox-uk-68.3.0-1.mga7 firefox-uz-68.3.0-1.mga7 firefox-vi-68.3.0-1.mga7 firefox-xh-68.3.0-1.mga7 firefox-zh_CN-68.3.0-1.mga7 firefox-zh_TW-68.3.0-1.mga7 lib(64)nspr4-4.24-1.mga7 lib(64)nspr-devel-4.24-1.mga7 from SRPMS: firefox-68.3.0-1.mga7.src.rpm firefox-l10n-68.3.0-1.mga7.src.rpm nspr-4.24-1.mga7.src.rpm
Assignee: bugsquad => qa-bugsStatus: NEW => ASSIGNED
Seems to work ok here on x86_64
CC: (none) => tmb
MGA7-64 Plasma on Lenovo B50 No installation issues. Tested usual newspapersite and one of my own pages: all OK.
CC: (none) => herman.viaene
MGA7-32 all ok, even heavy Youtube playing.
CC: (none) => lists.jjorgeWhiteboard: (none) => MGA7-32-OK
on mga7-64 kernel-desktop plasma packages installed cleanly: - lib64nss3-3.47.1-1.mga7.x86_64 - nss-3.47.1-1.mga7.x86_64 - rootcerts-20191126.00-1.mga7.noarch - rootcerts-java-20191126.00-1.mga7.noarch - firefox-68.3.0-1.mga7.x86_64 - firefox-en_GB-68.3.0-1.mga7.noarch - firefox-en_US-68.3.0-1.mga7.noarch - lib64nspr4-4.24-1.mga7.x86_64 no regressions observed looks OK for mga7-64
CC: (none) => jim
Whiteboard: MGA7-32-OK => MGA7-32-OK MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0376.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
RedHat has issued an advisory for this on December 5: https://access.redhat.com/errata/RHSA-2019:4107