Mozilla has released Firefox 68.7.0 today (April 6): https://www.mozilla.org/en-US/firefox/68.7.0/releasenotes/ Other than firefox-l10n, nothing else has to be updated. Updated packages are building now. Release notes are not available yet. Updated packages in core/updates_testing: ======================== firefox-68.7.0-1.mga7 firefox-devel-68.7.0-1.mga7 firefox-af-68.7.0-1.mga7 firefox-an-68.7.0-1.mga7 firefox-ar-68.7.0-1.mga7 firefox-ast-68.7.0-1.mga7 firefox-az-68.7.0-1.mga7 firefox-bg-68.7.0-1.mga7 firefox-bn-68.7.0-1.mga7 firefox-br-68.7.0-1.mga7 firefox-bs-68.7.0-1.mga7 firefox-ca-68.7.0-1.mga7 firefox-cs-68.7.0-1.mga7 firefox-cy-68.7.0-1.mga7 firefox-da-68.7.0-1.mga7 firefox-de-68.7.0-1.mga7 firefox-el-68.7.0-1.mga7 firefox-en_GB-68.7.0-1.mga7 firefox-en_US-68.7.0-1.mga7 firefox-eo-68.7.0-1.mga7 firefox-es_AR-68.7.0-1.mga7 firefox-es_CL-68.7.0-1.mga7 firefox-es_ES-68.7.0-1.mga7 firefox-es_MX-68.7.0-1.mga7 firefox-et-68.7.0-1.mga7 firefox-eu-68.7.0-1.mga7 firefox-fa-68.7.0-1.mga7 firefox-ff-68.7.0-1.mga7 firefox-fi-68.7.0-1.mga7 firefox-fr-68.7.0-1.mga7 firefox-fy_NL-68.7.0-1.mga7 firefox-ga_IE-68.7.0-1.mga7 firefox-gd-68.7.0-1.mga7 firefox-gl-68.7.0-1.mga7 firefox-gu_IN-68.7.0-1.mga7 firefox-he-68.7.0-1.mga7 firefox-hi_IN-68.7.0-1.mga7 firefox-hr-68.7.0-1.mga7 firefox-hsb-68.7.0-1.mga7 firefox-hu-68.7.0-1.mga7 firefox-hy_AM-68.7.0-1.mga7 firefox-id-68.7.0-1.mga7 firefox-is-68.7.0-1.mga7 firefox-it-68.7.0-1.mga7 firefox-ja-68.7.0-1.mga7 firefox-kk-68.7.0-1.mga7 firefox-km-68.7.0-1.mga7 firefox-kn-68.7.0-1.mga7 firefox-ko-68.7.0-1.mga7 firefox-lij-68.7.0-1.mga7 firefox-lt-68.7.0-1.mga7 firefox-lv-68.7.0-1.mga7 firefox-mk-68.7.0-1.mga7 firefox-mr-68.7.0-1.mga7 firefox-ms-68.7.0-1.mga7 firefox-nb_NO-68.7.0-1.mga7 firefox-nl-68.7.0-1.mga7 firefox-nn_NO-68.7.0-1.mga7 firefox-pa_IN-68.7.0-1.mga7 firefox-pl-68.7.0-1.mga7 firefox-pt_BR-68.7.0-1.mga7 firefox-pt_PT-68.7.0-1.mga7 firefox-ro-68.7.0-1.mga7 firefox-ru-68.7.0-1.mga7 firefox-si-68.7.0-1.mga7 firefox-sk-68.7.0-1.mga7 firefox-sl-68.7.0-1.mga7 firefox-sq-68.7.0-1.mga7 firefox-sr-68.7.0-1.mga7 firefox-sv_SE-68.7.0-1.mga7 firefox-ta-68.7.0-1.mga7 firefox-te-68.7.0-1.mga7 firefox-th-68.7.0-1.mga7 firefox-tr-68.7.0-1.mga7 firefox-uk-68.7.0-1.mga7 firefox-uz-68.7.0-1.mga7 firefox-vi-68.7.0-1.mga7 firefox-xh-68.7.0-1.mga7 firefox-zh_CN-68.7.0-1.mga7 firefox-zh_TW-68.7.0-1.mga7 from SRPMS: firefox-68.7.0-1.mga7.src.rpm firefox-l10n-68.7.0-1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
I have installed in MGA7-64 VirtualBox. No issues, works fine, addons ok, preferences, bookmarks ok. Greetings!!
CC: (none) => joselp
MGA7-64 Plasma on Lenovo B50 No installation issues Usual newspapersite with text, pictures and video all OK. Addon for Belgian eid card also OK. Good for me.
CC: (none) => herman.viaene
Advisory: ======================== Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure (CVE-2020-6821). On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code (CVE-2020-6822). Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-6825). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825 https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/
on mga7-64 kernel-desktop plasma packages installed cleanly: - firefox-68.7.0-1.mga7.x86_64 - firefox-en_GB-68.7.0-1.mga7.noarch - firefox-en_US-68.7.0-1.mga7.noarch no regressions observed looks OK for mga7-64
CC: (none) => jim
i5-2500, integrated Intel graphics, wired Internet, 64-bit Plasma system. Everything looks good here, too.
CC: (none) => andrewsfarm
Dell Inspiron 5100, running a 32-bit Xfce system. Packages installed cleanly. Looks OK here, too. Giving it a 32-bit OK.
Whiteboard: (none) => MGA7-32-OK
x86_64 $ uname -a Linux localhost 5.5.15-desktop-3.mga7 #1 SMP Sat Apr 4 19:06:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux Installed English version. Works fine.
CC: (none) => brtians1
I think we're good. Validating. Advisory in Comment 3.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: MGA7-32-OK => MGA7-32-OK MGA7-64-OK
CC: (none) => tmbKeywords: (none) => advisory
RedHat has issued an advisory for this today (April 8): https://access.redhat.com/errata/RHSA-2020:1406
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0163.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED