RedHat has issued an advisory today (October 9):
https://rhn.redhat.com/errata/RHSA-2012-1350.html

Funda Wang has uploaded updated packages for Mageia 1 and Mageia 2.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188).

Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution (CVE-2012-3986, CVE-2012-3991).

Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, script injection, or spoofing attacks (CVE-2012-1956, CVE-2012-3992, CVE-2012-3994).

Two flaws were found in the way Chrome Object Wrappers were implemented. Malicious content could be used to perform cross-site scripting attacks or cause Firefox to execute arbitrary code (CVE-2012-3993, CVE-2012-4184).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://rhn.redhat.com/errata/RHSA-2012-1350.html
========================

Updated packages in core/updates_testing:
========================
firefox-10.0.8-1.mga1
firefox-devel-10.0.8-1.mga1
firefox-af-10.0.8-1.mga1
firefox-ar-10.0.8-1.mga1
firefox-ast-10.0.8-1.mga1
firefox-be-10.0.8-1.mga1
firefox-bg-10.0.8-1.mga1
firefox-bn_IN-10.0.8-1.mga1
firefox-bn_BD-10.0.8-1.mga1
firefox-br-10.0.8-1.mga1
firefox-bs-10.0.8-1.mga1
firefox-ca-10.0.8-1.mga1
firefox-cs-10.0.8-1.mga1
firefox-cy-10.0.8-1.mga1
firefox-da-10.0.8-1.mga1
firefox-de-10.0.8-1.mga1
firefox-el-10.0.8-1.mga1
firefox-en_GB-10.0.8-1.mga1
firefox-en_ZA-10.0.8-1.mga1
firefox-eo-10.0.8-1.mga1
firefox-es_AR-10.0.8-1.mga1
firefox-es_CL-10.0.8-1.mga1
firefox-es_ES-10.0.8-1.mga1
firefox-es_MX-10.0.8-1.mga1
firefox-et-10.0.8-1.mga1
firefox-eu-10.0.8-1.mga1
firefox-fa-10.0.8-1.mga1
firefox-fi-10.0.8-1.mga1
firefox-fr-10.0.8-1.mga1
firefox-fy-10.0.8-1.mga1
firefox-ga_IE-10.0.8-1.mga1
firefox-gd-10.0.8-1.mga1
firefox-gl-10.0.8-1.mga1
firefox-gu_IN-10.0.8-1.mga1
firefox-he-10.0.8-1.mga1
firefox-hi-10.0.8-1.mga1
firefox-hr-10.0.8-1.mga1
firefox-hu-10.0.8-1.mga1
firefox-hy-10.0.8-1.mga1
firefox-id-10.0.8-1.mga1
firefox-is-10.0.8-1.mga1
firefox-it-10.0.8-1.mga1
firefox-ja-10.0.8-1.mga1
firefox-kk-10.0.8-1.mga1
firefox-ko-10.0.8-1.mga1
firefox-kn-10.0.8-1.mga1
firefox-ku-10.0.8-1.mga1
firefox-lg-10.0.8-1.mga1
firefox-lt-10.0.8-1.mga1
firefox-lv-10.0.8-1.mga1
firefox-mai-10.0.8-1.mga1
firefox-mk-10.0.8-1.mga1
firefox-ml-10.0.8-1.mga1
firefox-mr-10.0.8-1.mga1
firefox-nb_NO-10.0.8-1.mga1
firefox-nl-10.0.8-1.mga1
firefox-nn_NO-10.0.8-1.mga1
firefox-nso-10.0.8-1.mga1
firefox-or-10.0.8-1.mga1
firefox-pa_IN-10.0.8-1.mga1
firefox-pl-10.0.8-1.mga1
firefox-pt_BR-10.0.8-1.mga1
firefox-pt_PT-10.0.8-1.mga1
firefox-ro-10.0.8-1.mga1
firefox-ru-10.0.8-1.mga1
firefox-si-10.0.8-1.mga1
firefox-sk-10.0.8-1.mga1
firefox-sl-10.0.8-1.mga1
firefox-sq-10.0.8-1.mga1
firefox-sr-10.0.8-1.mga1
firefox-sv_SE-10.0.8-1.mga1
firefox-ta-10.0.8-1.mga1
firefox-ta_LK-10.0.8-1.mga1
firefox-te-10.0.8-1.mga1
firefox-th-10.0.8-1.mga1
firefox-tr-10.0.8-1.mga1
firefox-uk-10.0.8-1.mga1
firefox-vi-10.0.8-1.mga1
firefox-zh_CN-10.0.8-1.mga1
firefox-zh_TW-10.0.8-1.mga1
firefox-zu-10.0.8-1.mga1
firefox-10.0.8-1.mga2
firefox-devel-10.0.8-1.mga2
firefox-af-10.0.8-1.mga2
firefox-ar-10.0.8-1.mga2
firefox-ast-10.0.8-1.mga2
firefox-be-10.0.8-1.mga2
firefox-bg-10.0.8-1.mga2
firefox-bn_IN-10.0.8-1.mga2
firefox-bn_BD-10.0.8-1.mga2
firefox-br-10.0.8-1.mga2
firefox-bs-10.0.8-1.mga2
firefox-ca-10.0.8-1.mga2
firefox-cs-10.0.8-1.mga2
firefox-cy-10.0.8-1.mga2
firefox-da-10.0.8-1.mga2
firefox-de-10.0.8-1.mga2
firefox-el-10.0.8-1.mga2
firefox-en_GB-10.0.8-1.mga2
firefox-en_ZA-10.0.8-1.mga2
firefox-eo-10.0.8-1.mga2
firefox-es_AR-10.0.8-1.mga2
firefox-es_CL-10.0.8-1.mga2
firefox-es_ES-10.0.8-1.mga2
firefox-es_MX-10.0.8-1.mga2
firefox-et-10.0.8-1.mga2
firefox-eu-10.0.8-1.mga2
firefox-fa-10.0.8-1.mga2
firefox-fi-10.0.8-1.mga2
firefox-fr-10.0.8-1.mga2
firefox-fy-10.0.8-1.mga2
firefox-ga_IE-10.0.8-1.mga2
firefox-gd-10.0.8-1.mga2
firefox-gl-10.0.8-1.mga2
firefox-gu_IN-10.0.8-1.mga2
firefox-he-10.0.8-1.mga2
firefox-hi-10.0.8-1.mga2
firefox-hr-10.0.8-1.mga2
firefox-hu-10.0.8-1.mga2
firefox-hy-10.0.8-1.mga2
firefox-id-10.0.8-1.mga2
firefox-is-10.0.8-1.mga2
firefox-it-10.0.8-1.mga2
firefox-ja-10.0.8-1.mga2
firefox-kk-10.0.8-1.mga2
firefox-ko-10.0.8-1.mga2
firefox-kn-10.0.8-1.mga2
firefox-ku-10.0.8-1.mga2
firefox-lg-10.0.8-1.mga2
firefox-lt-10.0.8-1.mga2
firefox-lv-10.0.8-1.mga2
firefox-mai-10.0.8-1.mga2
firefox-mk-10.0.8-1.mga2
firefox-ml-10.0.8-1.mga2
firefox-mr-10.0.8-1.mga2
firefox-nb_NO-10.0.8-1.mga2
firefox-nl-10.0.8-1.mga2
firefox-nn_NO-10.0.8-1.mga2
firefox-nso-10.0.8-1.mga2
firefox-or-10.0.8-1.mga2
firefox-pa_IN-10.0.8-1.mga2
firefox-pl-10.0.8-1.mga2
firefox-pt_BR-10.0.8-1.mga2
firefox-pt_PT-10.0.8-1.mga2
firefox-ro-10.0.8-1.mga2
firefox-ru-10.0.8-1.mga2
firefox-si-10.0.8-1.mga2
firefox-sk-10.0.8-1.mga2
firefox-sl-10.0.8-1.mga2
firefox-sq-10.0.8-1.mga2
firefox-sr-10.0.8-1.mga2
firefox-sv_SE-10.0.8-1.mga2
firefox-ta-10.0.8-1.mga2
firefox-ta_LK-10.0.8-1.mga2
firefox-te-10.0.8-1.mga2
firefox-th-10.0.8-1.mga2
firefox-tr-10.0.8-1.mga2
firefox-uk-10.0.8-1.mga2
firefox-vi-10.0.8-1.mga2
firefox-zh_CN-10.0.8-1.mga2
firefox-zh_TW-10.0.8-1.mga2
firefox-zu-10.0.8-1.mga2

from SRPMS:
firefox-10.0.8-1.mga1.src.rpm
firefox-l10n-10.0.8-1.mga1.src.rpm
firefox-10.0.8-1.mga2.src.rpm
firefox-l10n-10.0.8-1.mga2.src.rpm
CC: (none) => fundawang
Whiteboard: (none) => MGA1TOO
All my extensions/plugins, including the new Flash, are working as in previous versions. Checked all my usual sites: Facebook, Neowin, Phoronix, YouTube work fine.
CC: (none) => lemonzest
Testing complete for firefox-10.0.8-1.mga2 on Mageia release 2 (Official) for x86_64. It's OK for me, it works fine and nothing to report.
CC: (none) => geiger.david68210
Tested mga1 i586 and x86_64: Java, Flash (over https), personas, German and English localization - everything works fine. Added MGA2-64-OK as well to the whiteboard. Simon, on which arch did you do your tests?
CC: (none) => marc.lattemann
Whiteboard: MGA1TOO => MGA1TOO, MGA1-32-OK, MGA1-64-OK
Whiteboard: MGA1TOO, MGA1-32-OK, MGA1-64-OK => MGA1TOO, MGA1-32-OK, MGA1-64-OK, MGA2-64-OK
Sorry, forgot: Mageia 2 x86_64 (as always)
URL: (none) => http://lwn.net/Vulnerabilities/519136/
OK - also tested for mga2 i586 (same tests as in Comment 3).
Whiteboard: MGA1TOO, MGA1-32-OK, MGA1-64-OK, MGA2-64-OK => MGA1TOO, MGA1-32-OK, MGA1-64-OK, MGA2-64-OK, MGA2-32-OK
Works ok on Mageia 2 x86_64.
CC: (none) => ed_rus099
Validating the update.

Could someone from the sysadmin team push the srpms
firefox-10.0.8-1.mga2.src.rpm
firefox-l10n-10.0.8-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpms
firefox-10.0.8-1.mga1.src.rpm
firefox-l10n-10.0.8-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated firefox packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188).

Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution (CVE-2012-3986, CVE-2012-3991).

Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, script injection, or spoofing attacks (CVE-2012-1956, CVE-2012-3992, CVE-2012-3994).

Two flaws were found in the way Chrome Object Wrappers were implemented. Malicious content could be used to perform cross-site scripting attacks or cause Firefox to execute arbitrary code (CVE-2012-3993, CVE-2012-4184).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://rhn.redhat.com/errata/RHSA-2012-1350.html
https://bugs.mageia.org/show_bug.cgi?id=7752
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0288
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED