Mozilla Firefox 10.0.7 has been released.

Updated packages uploaded for Mageia 1 and Mageia 2. Testing may begin now.

The advisory will be available at a later time.

Source RPMs:
------------
nspr-4.9.2-1.mga1
nss-3.13.6-1.mga1
firefox-10.0.7-1.mga1
firefox-l10n-10.0.7-1.mga1
nspr-4.9.2-1.mga2
nss-3.13.6-1.mga2
firefox-10.0.7-1.mga2
firefox-l10n-10.0.7-1.mga2

Full RPMs list (Mageia 1):
--------------------------
libnspr4-4.9.2-1.mga1
libnspr-devel-4.9.2-1.mga1
nss-3.13.6-1.mga1
nss-doc-3.13.6-1.mga1
libnss3-3.13.6-1.mga1
libnss-devel-3.13.6-1.mga1
libnss-static-devel-3.13.6-1.mga1
firefox-10.0.7-1.mga1
firefox-devel-10.0.7-1.mga1
firefox-af-10.0.7-1.mga1
firefox-ar-10.0.7-1.mga1
firefox-ast-10.0.7-1.mga1
firefox-be-10.0.7-1.mga1
firefox-bg-10.0.7-1.mga1
firefox-bn_IN-10.0.7-1.mga1
firefox-bn_BD-10.0.7-1.mga1
firefox-br-10.0.7-1.mga1
firefox-bs-10.0.7-1.mga1
firefox-ca-10.0.7-1.mga1
firefox-cs-10.0.7-1.mga1
firefox-cy-10.0.7-1.mga1
firefox-da-10.0.7-1.mga1
firefox-de-10.0.7-1.mga1
firefox-el-10.0.7-1.mga1
firefox-en_GB-10.0.7-1.mga1
firefox-en_ZA-10.0.7-1.mga1
firefox-eo-10.0.7-1.mga1
firefox-es_AR-10.0.7-1.mga1
firefox-es_CL-10.0.7-1.mga1
firefox-es_ES-10.0.7-1.mga1
firefox-es_MX-10.0.7-1.mga1
firefox-et-10.0.7-1.mga1
firefox-eu-10.0.7-1.mga1
firefox-fa-10.0.7-1.mga1
firefox-fi-10.0.7-1.mga1
firefox-fr-10.0.7-1.mga1
firefox-fy-10.0.7-1.mga1
firefox-ga_IE-10.0.7-1.mga1
firefox-gd-10.0.7-1.mga1
firefox-gl-10.0.7-1.mga1
firefox-gu_IN-10.0.7-1.mga1
firefox-he-10.0.7-1.mga1
firefox-hi-10.0.7-1.mga1
firefox-hr-10.0.7-1.mga1
firefox-hu-10.0.7-1.mga1
firefox-hy-10.0.7-1.mga1
firefox-id-10.0.7-1.mga1
firefox-is-10.0.7-1.mga1
firefox-it-10.0.7-1.mga1
firefox-ja-10.0.7-1.mga1
firefox-kk-10.0.7-1.mga1
firefox-ko-10.0.7-1.mga1
firefox-kn-10.0.7-1.mga1
firefox-ku-10.0.7-1.mga1
firefox-lg-10.0.7-1.mga1
firefox-lt-10.0.7-1.mga1
firefox-lv-10.0.7-1.mga1
firefox-mai-10.0.7-1.mga1
firefox-mk-10.0.7-1.mga1
firefox-ml-10.0.7-1.mga1
firefox-mr-10.0.7-1.mga1
firefox-nb_NO-10.0.7-1.mga1
firefox-nl-10.0.7-1.mga1
firefox-nn_NO-10.0.7-1.mga1
firefox-nso-10.0.7-1.mga1
firefox-or-10.0.7-1.mga1
firefox-pa_IN-10.0.7-1.mga1
firefox-pl-10.0.7-1.mga1
firefox-pt_BR-10.0.7-1.mga1
firefox-pt_PT-10.0.7-1.mga1
firefox-ro-10.0.7-1.mga1
firefox-ru-10.0.7-1.mga1
firefox-si-10.0.7-1.mga1
firefox-sk-10.0.7-1.mga1
firefox-sl-10.0.7-1.mga1
firefox-sq-10.0.7-1.mga1
firefox-sr-10.0.7-1.mga1
firefox-sv_SE-10.0.7-1.mga1
firefox-ta-10.0.7-1.mga1
firefox-ta_LK-10.0.7-1.mga1
firefox-te-10.0.7-1.mga1
firefox-th-10.0.7-1.mga1
firefox-tr-10.0.7-1.mga1
firefox-uk-10.0.7-1.mga1
firefox-vi-10.0.7-1.mga1
firefox-zh_CN-10.0.7-1.mga1
firefox-zh_TW-10.0.7-1.mga1
firefox-zu-10.0.7-1.mga1

Full RPMs list (Mageia 2):
--------------------------
libnspr4-4.9.2-1.mga2
libnspr-devel-4.9.2-1.mga2
nss-3.13.6-1.mga2
nss-doc-3.13.6-1.mga2
libnss3-3.13.6-1.mga2
libnss-devel-3.13.6-1.mga2
libnss-static-devel-3.13.6-1.mga2
firefox-10.0.7-1.mga2
firefox-devel-10.0.7-1.mga2
firefox-af-10.0.7-1.mga2
firefox-ar-10.0.7-1.mga2
firefox-ast-10.0.7-1.mga2
firefox-be-10.0.7-1.mga2
firefox-bg-10.0.7-1.mga2
firefox-bn_IN-10.0.7-1.mga2
firefox-bn_BD-10.0.7-1.mga2
firefox-br-10.0.7-1.mga2
firefox-bs-10.0.7-1.mga2
firefox-ca-10.0.7-1.mga2
firefox-cs-10.0.7-1.mga2
firefox-cy-10.0.7-1.mga2
firefox-da-10.0.7-1.mga2
firefox-de-10.0.7-1.mga2
firefox-el-10.0.7-1.mga2
firefox-en_GB-10.0.7-1.mga2
firefox-en_ZA-10.0.7-1.mga2
firefox-eo-10.0.7-1.mga2
firefox-es_AR-10.0.7-1.mga2
firefox-es_CL-10.0.7-1.mga2
firefox-es_ES-10.0.7-1.mga2
firefox-es_MX-10.0.7-1.mga2
firefox-et-10.0.7-1.mga2
firefox-eu-10.0.7-1.mga2
firefox-fa-10.0.7-1.mga2
firefox-fi-10.0.7-1.mga2
firefox-fr-10.0.7-1.mga2
firefox-fy-10.0.7-1.mga2
firefox-ga_IE-10.0.7-1.mga2
firefox-gd-10.0.7-1.mga2
firefox-gl-10.0.7-1.mga2
firefox-gu_IN-10.0.7-1.mga2
firefox-he-10.0.7-1.mga2
firefox-hi-10.0.7-1.mga2
firefox-hr-10.0.7-1.mga2
firefox-hu-10.0.7-1.mga2
firefox-hy-10.0.7-1.mga2
firefox-id-10.0.7-1.mga2
firefox-is-10.0.7-1.mga2
firefox-it-10.0.7-1.mga2
firefox-ja-10.0.7-1.mga2
firefox-kk-10.0.7-1.mga2
firefox-ko-10.0.7-1.mga2
firefox-kn-10.0.7-1.mga2
firefox-ku-10.0.7-1.mga2
firefox-lg-10.0.7-1.mga2
firefox-lt-10.0.7-1.mga2
firefox-lv-10.0.7-1.mga2
firefox-mai-10.0.7-1.mga2
firefox-mk-10.0.7-1.mga2
firefox-ml-10.0.7-1.mga2
firefox-mr-10.0.7-1.mga2
firefox-nb_NO-10.0.7-1.mga2
firefox-nl-10.0.7-1.mga2
firefox-nn_NO-10.0.7-1.mga2
firefox-nso-10.0.7-1.mga2
firefox-or-10.0.7-1.mga2
firefox-pa_IN-10.0.7-1.mga2
firefox-pl-10.0.7-1.mga2
firefox-pt_BR-10.0.7-1.mga2
firefox-pt_PT-10.0.7-1.mga2
firefox-ro-10.0.7-1.mga2
firefox-ru-10.0.7-1.mga2
firefox-si-10.0.7-1.mga2
firefox-sk-10.0.7-1.mga2
firefox-sl-10.0.7-1.mga2
firefox-sq-10.0.7-1.mga2
firefox-sr-10.0.7-1.mga2
firefox-sv_SE-10.0.7-1.mga2
firefox-ta-10.0.7-1.mga2
firefox-ta_LK-10.0.7-1.mga2
firefox-te-10.0.7-1.mga2
firefox-th-10.0.7-1.mga2
firefox-tr-10.0.7-1.mga2
firefox-uk-10.0.7-1.mga2
firefox-vi-10.0.7-1.mga2
firefox-zh_CN-10.0.7-1.mga2
firefox-zh_TW-10.0.7-1.mga2
firefox-zu-10.0.7-1.mga2
Whiteboard: (none) => MGA1TOO
Testing on Mageia 2 x86_64; afterwards I will install the Mageia 2 x86/i586 version on the VM.
CC: (none) => ed_rus099
Testing on Mga1 i586.
CC: (none) => isolde
Testing complete for Firefox-10.0.7 on Mageia release 2 (Official) for x86_64. For me it's OK, nothing to report and no regression since the update.

- firefox-10.0.7-1.mga2
- firefox-fr-10.0.7-1.mga2
- nss-3.13.6-1.mga2
- libnss3-3.13.6-1.mga2
- libnspr4-4.9.2-1.mga2
No problems encountered with Mga1 or Mga2 on i586.
Works OK on Mageia 2 x86_64 and Mageia 2 x86/i586.
For those who want to test firefox with other languages you should install a plugin called quick locale switcher.
Testing complete mga2 x86_64

Java, flash, https, flash over https, spellcheck
Bookmarks, Addons, personas

Nothing to report.
Hardware: i586 => All
Whiteboard: MGA1TOO => MGA1TOO mga2-64-OK
Testing complete mga1 i586
Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO mga2-64-OK mga1-32-OK
Upstream advisories are available now, so we have references.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
Testing complete on both arches both releases.

Could someone from the sysadmin team push the srpms
nspr-4.9.2-1.mga2
nss-3.13.6-1.mga2
firefox-10.0.7-1.mga2
firefox-l10n-10.0.7-1.mga2
from Mageia 2 Core Updates Testing to Core Updates and the srpms
nspr-4.9.2-1.mga1
nss-3.13.6-1.mga1
firefox-10.0.7-1.mga1
firefox-l10n-10.0.7-1.mga1
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Security update for firefox corrects the following items

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980

Reference:
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html

https://bugs.mageia.org/show_bug.cgi?id=7215
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO mga2-64-OK mga1-32-OK => MGA1TOO mga2-64-OK mga1-32-OK mga2-32-OK mga1-64-OK
CVE descriptions are now available from RedHat.

Note that the CVE list has been fixed, as one of the Mozilla advisories I had listed previously only affects Windows.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

A web page containing a malicious Scalable Vector Graphics (SVG) image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3969, CVE-2012-3970)

Two flaws were found in the way Firefox rendered certain images using WebGL. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3967, CVE-2012-3968)

A flaw was found in the way Firefox decoded embedded bitmap images in Icon Format (ICO) files. A web page containing a malicious ICO file could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3966)

A flaw was found in the way the "eval" command was handled by the Firefox Web Console. Running "eval" in the Web Console while viewing a web page containing malicious content could possibly cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3980)

An out-of-bounds memory read flaw was found in the way Firefox used the format-number feature of XSLT (Extensible Stylesheet Language Transformations). A web page containing malicious content could possibly cause an information leak, or cause Firefox to crash. (CVE-2012-3972)

It was found that the SSL certificate information for a previously visited site could be displayed in the address bar while the main window displayed a new page. This could lead to phishing attacks as attackers could use this flaw to trick users into believing they are viewing a trusted site. (CVE-2012-3976)

A flaw was found in the location object implementation in Firefox. Malicious content could use this flaw to possibly allow restricted content to be loaded. (CVE-2012-3978)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
https://rhn.redhat.com/errata/RHSA-2012-1210.html
Severity: normal => critical
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0245
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED