Mandriva has issued an advisory on October 13:
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:167

Updated packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated firefox packages fix security vulnerability:

Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution (CVE-2012-4193).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://www.mozilla.org/security/announce/2012/mfsa2012-89.html
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:167
========================

Updated packages in core/updates_testing:
========================
firefox-10.0.9-1.mga1 firefox-devel-10.0.9-1.mga1 firefox-af-10.0.9-1.mga1 firefox-ar-10.0.9-1.mga1 firefox-ast-10.0.9-1.mga1 firefox-be-10.0.9-1.mga1 firefox-bg-10.0.9-1.mga1 firefox-bn_IN-10.0.9-1.mga1 firefox-bn_BD-10.0.9-1.mga1 firefox-br-10.0.9-1.mga1 firefox-bs-10.0.9-1.mga1 firefox-ca-10.0.9-1.mga1 firefox-cs-10.0.9-1.mga1 firefox-cy-10.0.9-1.mga1 firefox-da-10.0.9-1.mga1 firefox-de-10.0.9-1.mga1 firefox-el-10.0.9-1.mga1 firefox-en_GB-10.0.9-1.mga1 firefox-en_ZA-10.0.9-1.mga1 firefox-eo-10.0.9-1.mga1 firefox-es_AR-10.0.9-1.mga1 firefox-es_CL-10.0.9-1.mga1 firefox-es_ES-10.0.9-1.mga1 firefox-es_MX-10.0.9-1.mga1 firefox-et-10.0.9-1.mga1 firefox-eu-10.0.9-1.mga1 firefox-fa-10.0.9-1.mga1 firefox-fi-10.0.9-1.mga1 firefox-fr-10.0.9-1.mga1 firefox-fy-10.0.9-1.mga1 firefox-ga_IE-10.0.9-1.mga1 firefox-gd-10.0.9-1.mga1 firefox-gl-10.0.9-1.mga1 firefox-gu_IN-10.0.9-1.mga1 firefox-he-10.0.9-1.mga1 firefox-hi-10.0.9-1.mga1 firefox-hr-10.0.9-1.mga1 firefox-hu-10.0.9-1.mga1 firefox-hy-10.0.9-1.mga1 firefox-id-10.0.9-1.mga1 firefox-is-10.0.9-1.mga1
firefox-it-10.0.9-1.mga1 firefox-ja-10.0.9-1.mga1 firefox-kk-10.0.9-1.mga1 firefox-ko-10.0.9-1.mga1 firefox-kn-10.0.9-1.mga1 firefox-ku-10.0.9-1.mga1 firefox-lg-10.0.9-1.mga1 firefox-lt-10.0.9-1.mga1 firefox-lv-10.0.9-1.mga1 firefox-mai-10.0.9-1.mga1 firefox-mk-10.0.9-1.mga1 firefox-ml-10.0.9-1.mga1 firefox-mr-10.0.9-1.mga1 firefox-nb_NO-10.0.9-1.mga1 firefox-nl-10.0.9-1.mga1 firefox-nn_NO-10.0.9-1.mga1 firefox-nso-10.0.9-1.mga1 firefox-or-10.0.9-1.mga1 firefox-pa_IN-10.0.9-1.mga1 firefox-pl-10.0.9-1.mga1 firefox-pt_BR-10.0.9-1.mga1 firefox-pt_PT-10.0.9-1.mga1 firefox-ro-10.0.9-1.mga1 firefox-ru-10.0.9-1.mga1 firefox-si-10.0.9-1.mga1 firefox-sk-10.0.9-1.mga1 firefox-sl-10.0.9-1.mga1 firefox-sq-10.0.9-1.mga1 firefox-sr-10.0.9-1.mga1 firefox-sv_SE-10.0.9-1.mga1 firefox-ta-10.0.9-1.mga1 firefox-ta_LK-10.0.9-1.mga1 firefox-te-10.0.9-1.mga1 firefox-th-10.0.9-1.mga1 firefox-tr-10.0.9-1.mga1 firefox-uk-10.0.9-1.mga1 firefox-vi-10.0.9-1.mga1 firefox-zh_CN-10.0.9-1.mga1 firefox-zh_TW-10.0.9-1.mga1 firefox-zu-10.0.9-1.mga1 firefox-10.0.9-1.mga2 firefox-devel-10.0.9-1.mga2 firefox-af-10.0.9-1.mga2 firefox-ar-10.0.9-1.mga2 firefox-ast-10.0.9-1.mga2 firefox-be-10.0.9-1.mga2 firefox-bg-10.0.9-1.mga2 firefox-bn_IN-10.0.9-1.mga2 firefox-bn_BD-10.0.9-1.mga2 firefox-br-10.0.9-1.mga2 firefox-bs-10.0.9-1.mga2 firefox-ca-10.0.9-1.mga2 firefox-cs-10.0.9-1.mga2 firefox-cy-10.0.9-1.mga2 firefox-da-10.0.9-1.mga2 firefox-de-10.0.9-1.mga2 firefox-el-10.0.9-1.mga2 firefox-en_GB-10.0.9-1.mga2 firefox-en_ZA-10.0.9-1.mga2 firefox-eo-10.0.9-1.mga2 firefox-es_AR-10.0.9-1.mga2 firefox-es_CL-10.0.9-1.mga2 firefox-es_ES-10.0.9-1.mga2 firefox-es_MX-10.0.9-1.mga2 firefox-et-10.0.9-1.mga2 firefox-eu-10.0.9-1.mga2 firefox-fa-10.0.9-1.mga2 firefox-fi-10.0.9-1.mga2 firefox-fr-10.0.9-1.mga2 firefox-fy-10.0.9-1.mga2 firefox-ga_IE-10.0.9-1.mga2 firefox-gd-10.0.9-1.mga2 firefox-gl-10.0.9-1.mga2 firefox-gu_IN-10.0.9-1.mga2 firefox-he-10.0.9-1.mga2 firefox-hi-10.0.9-1.mga2 firefox-hr-10.0.9-1.mga2 
firefox-hu-10.0.9-1.mga2 firefox-hy-10.0.9-1.mga2 firefox-id-10.0.9-1.mga2 firefox-is-10.0.9-1.mga2 firefox-it-10.0.9-1.mga2 firefox-ja-10.0.9-1.mga2 firefox-kk-10.0.9-1.mga2 firefox-ko-10.0.9-1.mga2 firefox-kn-10.0.9-1.mga2 firefox-ku-10.0.9-1.mga2 firefox-lg-10.0.9-1.mga2 firefox-lt-10.0.9-1.mga2 firefox-lv-10.0.9-1.mga2 firefox-mai-10.0.9-1.mga2 firefox-mk-10.0.9-1.mga2 firefox-ml-10.0.9-1.mga2 firefox-mr-10.0.9-1.mga2 firefox-nb_NO-10.0.9-1.mga2 firefox-nl-10.0.9-1.mga2 firefox-nn_NO-10.0.9-1.mga2 firefox-nso-10.0.9-1.mga2 firefox-or-10.0.9-1.mga2 firefox-pa_IN-10.0.9-1.mga2 firefox-pl-10.0.9-1.mga2 firefox-pt_BR-10.0.9-1.mga2 firefox-pt_PT-10.0.9-1.mga2 firefox-ro-10.0.9-1.mga2 firefox-ru-10.0.9-1.mga2 firefox-si-10.0.9-1.mga2 firefox-sk-10.0.9-1.mga2 firefox-sl-10.0.9-1.mga2 firefox-sq-10.0.9-1.mga2 firefox-sr-10.0.9-1.mga2 firefox-sv_SE-10.0.9-1.mga2 firefox-ta-10.0.9-1.mga2 firefox-ta_LK-10.0.9-1.mga2 firefox-te-10.0.9-1.mga2 firefox-th-10.0.9-1.mga2 firefox-tr-10.0.9-1.mga2 firefox-uk-10.0.9-1.mga2 firefox-vi-10.0.9-1.mga2 firefox-zh_CN-10.0.9-1.mga2 firefox-zh_TW-10.0.9-1.mga2 firefox-zu-10.0.9-1.mga2

from SRPMS:
firefox-10.0.9-1.mga1.src.rpm
firefox-l10n-10.0.9-1.mga1.src.rpm
firefox-10.0.9-1.mga2.src.rpm
firefox-l10n-10.0.9-1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
Tested OK mga2 64 Java, https, flash, flash over https, spelling, bookmarks etc
Whiteboard: MGA1TOO => MGA1TOO mga2-64-OK
Testing complete for firefox-10.0.9-1.mga2 and firefox-fr-10.0.9-1.mga2 on Mageia release 2 (Official) for x86_64, for me it's OK, it works fine and nothing to report.
CC: (none) => geiger.david68210
Testing complete Mageia 2 i586, Mageia 1 i586 and x86-64.

Could someone from the sysadmin team push the srpms
firefox-10.0.9-1.mga2.src.rpm
firefox-l10n-10.0.9-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpms
firefox-10.0.9-1.mga1.src.rpm
firefox-l10n-10.0.9-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated firefox packages fix security vulnerability:

Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution (CVE-2012-4193).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://www.mozilla.org/security/announce/2012/mfsa2012-89.html
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:167

https://bugs.mageia.org/show_bug.cgi?id=7800
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO mga2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0295
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED