Mozilla has released Firefox 68.5.0 today (February 11): https://www.mozilla.org/en-US/firefox/68.5.0/releasenotes/ We'll also update nspr and nss: https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/lK7toqtJ96E https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.50_release_notes Everything is committed in SVN. nspr needs to be built first and uploaded, then nss needs to be built and uploaded, then firefox, then firefox-l10n. nspr has been pushed to the build system for Mageia 7 and Cauldron, the rest are pending.
nss has been pushed in Mageia 7 and Cauldron and firefox has been pushed in Cauldron. Hopefully someone can push firefox in Mageia 7...
Thanks DavidW for all the work noted earlier. All the packages are 'nobody', so assigning globally; CC'ing NicolasS as the active Firefox committer.
CC: (none) => nicolas.salgueroAssignee: bugsquad => pkg-bugs
All packages built and uploaded. Upstream advisory released. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6796 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800 https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/lK7toqtJ96E https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.50_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/ ======================== Updated packages in core/updates_testing: ======================== libnspr4-4.25-1.mga7 libnspr-devel-4.25-1.mga7 nss-3.50.0-1.mga7 nss-doc-3.50.0-1.mga7 libnss3-3.50.0-1.mga7 libnss-devel-3.50.0-1.mga7 libnss-static-devel-3.50.0-1.mga7 firefox-68.5.0-1.mga7 firefox-devel-68.5.0-1.mga7 firefox-af-68.5.0-1.mga7 firefox-an-68.5.0-1.mga7 firefox-ar-68.5.0-1.mga7 firefox-ast-68.5.0-1.mga7 firefox-az-68.5.0-1.mga7 firefox-bg-68.5.0-1.mga7 firefox-bn-68.5.0-1.mga7 firefox-br-68.5.0-1.mga7 firefox-bs-68.5.0-1.mga7 firefox-ca-68.5.0-1.mga7 firefox-cs-68.5.0-1.mga7 firefox-cy-68.5.0-1.mga7 firefox-da-68.5.0-1.mga7 firefox-de-68.5.0-1.mga7 firefox-el-68.5.0-1.mga7 firefox-en_GB-68.5.0-1.mga7 firefox-en_US-68.5.0-1.mga7 firefox-eo-68.5.0-1.mga7 firefox-es_AR-68.5.0-1.mga7 firefox-es_CL-68.5.0-1.mga7 firefox-es_ES-68.5.0-1.mga7 firefox-es_MX-68.5.0-1.mga7 firefox-et-68.5.0-1.mga7 firefox-eu-68.5.0-1.mga7 firefox-fa-68.5.0-1.mga7 firefox-ff-68.5.0-1.mga7 firefox-fi-68.5.0-1.mga7 firefox-fr-68.5.0-1.mga7 firefox-fy_NL-68.5.0-1.mga7 firefox-ga_IE-68.5.0-1.mga7 firefox-gd-68.5.0-1.mga7 firefox-gl-68.5.0-1.mga7 firefox-gu_IN-68.5.0-1.mga7 firefox-he-68.5.0-1.mga7 firefox-hi_IN-68.5.0-1.mga7 firefox-hr-68.5.0-1.mga7 firefox-hsb-68.5.0-1.mga7 firefox-hu-68.5.0-1.mga7 firefox-hy_AM-68.5.0-1.mga7 firefox-id-68.5.0-1.mga7 firefox-is-68.5.0-1.mga7 firefox-it-68.5.0-1.mga7 firefox-ja-68.5.0-1.mga7 firefox-kk-68.5.0-1.mga7 firefox-km-68.5.0-1.mga7 firefox-kn-68.5.0-1.mga7 firefox-ko-68.5.0-1.mga7 firefox-lij-68.5.0-1.mga7 firefox-lt-68.5.0-1.mga7 firefox-lv-68.5.0-1.mga7 firefox-mk-68.5.0-1.mga7 firefox-mr-68.5.0-1.mga7 firefox-ms-68.5.0-1.mga7 firefox-nb_NO-68.5.0-1.mga7 firefox-nl-68.5.0-1.mga7 firefox-nn_NO-68.5.0-1.mga7 firefox-pa_IN-68.5.0-1.mga7 firefox-pl-68.5.0-1.mga7 firefox-pt_BR-68.5.0-1.mga7 firefox-pt_PT-68.5.0-1.mga7 firefox-ro-68.5.0-1.mga7 firefox-ru-68.5.0-1.mga7 firefox-si-68.5.0-1.mga7 firefox-sk-68.5.0-1.mga7 firefox-sl-68.5.0-1.mga7 firefox-sq-68.5.0-1.mga7 firefox-sr-68.5.0-1.mga7 firefox-sv_SE-68.5.0-1.mga7 firefox-ta-68.5.0-1.mga7 firefox-te-68.5.0-1.mga7 firefox-th-68.5.0-1.mga7 firefox-tr-68.5.0-1.mga7 firefox-uk-68.5.0-1.mga7 firefox-uz-68.5.0-1.mga7 firefox-vi-68.5.0-1.mga7 firefox-xh-68.5.0-1.mga7 firefox-zh_CN-68.5.0-1.mga7 firefox-zh_TW-68.5.0-1.mga7 from SRPMS: nspr-4.25-1.mga7.src.rpm nss-3.50.0-1.mga7.src.rpm firefox-68.5.0-1.mga7.src.rpm firefox-l10n-68.5.0-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
I've install the new version in Mageia Vbox x64. No problemas, works fine, addons ok, bookmarks ok. I writing from this version. Greetings!!
CC: (none) => joselp
Blocks: (none) => 26188
64-bit Plasma system. No installation issues. Tried several websites, no issues noted. Looks OK here.
CC: (none) => andrewsfarm
on mga7-64 kernel-desktop plasma packages installed cleanly: - firefox-68.5.0-1.mga7.x86_64 - firefox-en_GB-68.5.0-1.mga7.noarch - firefox-en_US-68.5.0-1.mga7.noarch - lib64nspr4-4.25-1.mga7.x86_64 - lib64nss3-3.50.0-1.mga7.x86_64 - nss-3.50.0-1.mga7.x86_64 no regressions observed looks OK for mga7-64
CC: (none) => jim
MGA7-64 plasma on Lenovo B50 No installation issues Nothing wrong with it AFAICS.
CC: (none) => herman.viaene
Physical hardware - AMD/Nvidia (390), Plasma $ uname -a Linux localhost 5.4.17-desktop-1.mga7 #1 SMP Sat Feb 1 21:57:04 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux The following 6 packages are going to be installed: - firefox-68.5.0-1.mga7.x86_64 - firefox-en_GB-68.5.0-1.mga7.noarch - firefox-en_US-68.5.0-1.mga7.noarch - lib64nspr4-4.25-1.mga7.x86_64 - lib64nss3-3.50.0-1.mga7.x86_64 - nss-3.50.0-1.mga7.x86_64 $ firefox -v Mozilla Firefox 68.5.0esr Used it for a couple of hours. It did retain my settings. Working
CC: (none) => brtians1
Dell Inspiron 5100, 32-bit Xfce system. Working OK here, too.
on mga7-32 in a vbox VM packages installed cleanly: - firefox-68.5.0-1.mga7.i586 - firefox-en_GB-68.5.0-1.mga7.noarch - firefox-en_US-68.5.0-1.mga7.noarch - libnspr4-4.25-1.mga7.i586 - libnss3-3.50.0-1.mga7.i586 - nss-3.50.0-1.mga7.i586 no regressions noted looks OK for mga7-32
(In reply to James Kerr from comment #10) > on mga7-32 in a vbox VM > forgot to add using plasma on kernel-desktop586
Mageia7, x86_64 8 packages installed. Working fine here with en_GB support.
CC: (none) => tarazed25
OK mga7-64, plasma, swedish. Have been using it for a couple days surfing for info, banking business, video, no problems noted. current kernel-desktop + nvidia-current + plasma
CC: (none) => fri
Looks like enough testing to me. Sending it on its way with two OKs. Validating. Advisory in Comment 3.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA7-64-OK MGA7-32-OKCC: (none) => sysadmin-bugs
Advisory: ======================== Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash (CVE-2020-6796). If a <template> tag was used in a <select> tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result (CVE-2020-6798). Memory safety bugs present in Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and presumably some of these could have been exploited to run arbitrary code (CVE-2020-6800). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6796 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800 https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/lK7toqtJ96E https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.50_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0090.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this on February 17: https://access.redhat.com/errata/RHSA-2020:0512