RedHat has issued an advisory on October 26: https://rhn.redhat.com/errata/RHSA-2012-1407.html Updated packages uploaded for Mageia 1 and Mageia 2. These include rootcerts, nspr, nss, firefox, and firefox-l10n. Advisory: ======================== Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Firefox to execute arbitrary code (CVE-2012-4194, CVE-2012-4195, CVE-2012-4196). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196 http://www.mozilla.org/security/announce/2012/mfsa2012-90.html http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://rhn.redhat.com/errata/RHSA-2012-1407.html ======================== Updated packages in core/updates_testing: ======================== rootcerts-20121018.00-1.mga1 rootcerts-java-20121018.00-1.mga1 libnspr4-4.9.3-1.mga1 libnspr-devel-4.9.3-1.mga1 nss-3.14-1.mga1 nss-doc-3.14-1.mga1 libnss3-3.14-1.mga1 libnss-devel-3.14-1.mga1 libnss-static-devel-3.14-1.mga1 firefox-10.0.10-1.mga1 firefox-devel-10.0.10-1.mga1 firefox-af-10.0.10-1.mga1 firefox-ar-10.0.10-1.mga1 firefox-ast-10.0.10-1.mga1 firefox-be-10.0.10-1.mga1 firefox-bg-10.0.10-1.mga1 firefox-bn_IN-10.0.10-1.mga1 firefox-bn_BD-10.0.10-1.mga1 firefox-br-10.0.10-1.mga1 firefox-bs-10.0.10-1.mga1 firefox-ca-10.0.10-1.mga1 firefox-cs-10.0.10-1.mga1 firefox-cy-10.0.10-1.mga1 firefox-da-10.0.10-1.mga1 firefox-de-10.0.10-1.mga1 firefox-el-10.0.10-1.mga1 firefox-en_GB-10.0.10-1.mga1 firefox-en_ZA-10.0.10-1.mga1 firefox-eo-10.0.10-1.mga1 firefox-es_AR-10.0.10-1.mga1 firefox-es_CL-10.0.10-1.mga1 firefox-es_ES-10.0.10-1.mga1 firefox-es_MX-10.0.10-1.mga1 firefox-et-10.0.10-1.mga1 firefox-eu-10.0.10-1.mga1 firefox-fa-10.0.10-1.mga1 firefox-fi-10.0.10-1.mga1 firefox-fr-10.0.10-1.mga1 firefox-fy-10.0.10-1.mga1 firefox-ga_IE-10.0.10-1.mga1 firefox-gd-10.0.10-1.mga1 firefox-gl-10.0.10-1.mga1 firefox-gu_IN-10.0.10-1.mga1 firefox-he-10.0.10-1.mga1 firefox-hi-10.0.10-1.mga1 firefox-hr-10.0.10-1.mga1 firefox-hu-10.0.10-1.mga1 firefox-hy-10.0.10-1.mga1 firefox-id-10.0.10-1.mga1 firefox-is-10.0.10-1.mga1 firefox-it-10.0.10-1.mga1 firefox-ja-10.0.10-1.mga1 firefox-kk-10.0.10-1.mga1 firefox-ko-10.0.10-1.mga1 firefox-kn-10.0.10-1.mga1 firefox-ku-10.0.10-1.mga1 firefox-lg-10.0.10-1.mga1 firefox-lt-10.0.10-1.mga1 firefox-lv-10.0.10-1.mga1 firefox-mai-10.0.10-1.mga1 firefox-mk-10.0.10-1.mga1 firefox-ml-10.0.10-1.mga1 firefox-mr-10.0.10-1.mga1 firefox-nb_NO-10.0.10-1.mga1 firefox-nl-10.0.10-1.mga1 firefox-nn_NO-10.0.10-1.mga1 firefox-nso-10.0.10-1.mga1 firefox-or-10.0.10-1.mga1 firefox-pa_IN-10.0.10-1.mga1 firefox-pl-10.0.10-1.mga1 firefox-pt_BR-10.0.10-1.mga1 firefox-pt_PT-10.0.10-1.mga1 firefox-ro-10.0.10-1.mga1 firefox-ru-10.0.10-1.mga1 firefox-si-10.0.10-1.mga1 firefox-sk-10.0.10-1.mga1 firefox-sl-10.0.10-1.mga1 firefox-sq-10.0.10-1.mga1 firefox-sr-10.0.10-1.mga1 firefox-sv_SE-10.0.10-1.mga1 firefox-ta-10.0.10-1.mga1 firefox-ta_LK-10.0.10-1.mga1 firefox-te-10.0.10-1.mga1 firefox-th-10.0.10-1.mga1 firefox-tr-10.0.10-1.mga1 firefox-uk-10.0.10-1.mga1 firefox-vi-10.0.10-1.mga1 firefox-zh_CN-10.0.10-1.mga1 firefox-zh_TW-10.0.10-1.mga1 firefox-zu-10.0.10-1.mga1 rootcerts-20121018.00-1.mga2 rootcerts-java-20121018.00-1.mga2 libnspr4-4.9.3-1.mga2 libnspr-devel-4.9.3-1.mga2 nss-3.14-1.mga2 nss-doc-3.14-1.mga2 libnss3-3.14-1.mga2 libnss-devel-3.14-1.mga2 libnss-static-devel-3.14-1.mga2 firefox-10.0.10-1.mga2 firefox-devel-10.0.10-1.mga2 firefox-af-10.0.10-1.mga2 firefox-ar-10.0.10-1.mga2 firefox-ast-10.0.10-1.mga2 firefox-be-10.0.10-1.mga2 firefox-bg-10.0.10-1.mga2 firefox-bn_IN-10.0.10-1.mga2 firefox-bn_BD-10.0.10-1.mga2 firefox-br-10.0.10-1.mga2 firefox-bs-10.0.10-1.mga2 firefox-ca-10.0.10-1.mga2 firefox-cs-10.0.10-1.mga2 firefox-cy-10.0.10-1.mga2 firefox-da-10.0.10-1.mga2 firefox-de-10.0.10-1.mga2 firefox-el-10.0.10-1.mga2 firefox-en_GB-10.0.10-1.mga2 firefox-en_ZA-10.0.10-1.mga2 firefox-eo-10.0.10-1.mga2 firefox-es_AR-10.0.10-1.mga2 firefox-es_CL-10.0.10-1.mga2 firefox-es_ES-10.0.10-1.mga2 firefox-es_MX-10.0.10-1.mga2 firefox-et-10.0.10-1.mga2 firefox-eu-10.0.10-1.mga2 firefox-fa-10.0.10-1.mga2 firefox-fi-10.0.10-1.mga2 firefox-fr-10.0.10-1.mga2 firefox-fy-10.0.10-1.mga2 firefox-ga_IE-10.0.10-1.mga2 firefox-gd-10.0.10-1.mga2 firefox-gl-10.0.10-1.mga2 firefox-gu_IN-10.0.10-1.mga2 firefox-he-10.0.10-1.mga2 firefox-hi-10.0.10-1.mga2 firefox-hr-10.0.10-1.mga2 firefox-hu-10.0.10-1.mga2 firefox-hy-10.0.10-1.mga2 firefox-id-10.0.10-1.mga2 firefox-is-10.0.10-1.mga2 firefox-it-10.0.10-1.mga2 firefox-ja-10.0.10-1.mga2 firefox-kk-10.0.10-1.mga2 firefox-ko-10.0.10-1.mga2 firefox-kn-10.0.10-1.mga2 firefox-ku-10.0.10-1.mga2 firefox-lg-10.0.10-1.mga2 firefox-lt-10.0.10-1.mga2 firefox-lv-10.0.10-1.mga2 firefox-mai-10.0.10-1.mga2 firefox-mk-10.0.10-1.mga2 firefox-ml-10.0.10-1.mga2 firefox-mr-10.0.10-1.mga2 firefox-nb_NO-10.0.10-1.mga2 firefox-nl-10.0.10-1.mga2 firefox-nn_NO-10.0.10-1.mga2 firefox-nso-10.0.10-1.mga2 firefox-or-10.0.10-1.mga2 firefox-pa_IN-10.0.10-1.mga2 firefox-pl-10.0.10-1.mga2 firefox-pt_BR-10.0.10-1.mga2 firefox-pt_PT-10.0.10-1.mga2 firefox-ro-10.0.10-1.mga2 firefox-ru-10.0.10-1.mga2 firefox-si-10.0.10-1.mga2 firefox-sk-10.0.10-1.mga2 firefox-sl-10.0.10-1.mga2 firefox-sq-10.0.10-1.mga2 firefox-sr-10.0.10-1.mga2 firefox-sv_SE-10.0.10-1.mga2 firefox-ta-10.0.10-1.mga2 firefox-ta_LK-10.0.10-1.mga2 firefox-te-10.0.10-1.mga2 firefox-th-10.0.10-1.mga2 firefox-tr-10.0.10-1.mga2 firefox-uk-10.0.10-1.mga2 firefox-vi-10.0.10-1.mga2 firefox-zh_CN-10.0.10-1.mga2 firefox-zh_TW-10.0.10-1.mga2 firefox-zu-10.0.10-1.mga2 from SRPMS: rootcerts-20121018.00-1.mga1.src.rpm nspr-4.9.3-1.mga1.src.rpm nss-3.14-1.mga1.src.rpm firefox-10.0.10-1.mga1.src.rpm firefox-l10n-10.0.10-1.mga1.src.rpm rootcerts-20121018.00-1.mga2.src.rpm nspr-4.9.3-1.mga2.src.rpm nss-3.14-1.mga2.src.rpm firefox-10.0.10-1.mga2.src.rpm firefox-l10n-10.0.10-1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
works fine on mga1
Hardware: i586 => All
tested successfully with mga2 i586 with java, flash (over https), bookmarks, add-ons. Languages tested: DE and GB. not regression detected.
Whiteboard: MGA1TOO => MGA1TOO, MGA2-32-OK
Tested https/ftp, flash games, youtube in HD 1080p, no stutters there, java apps/tests. No regressions in my extensions/plugins MGA2, x86_64 Simon/Lemonzest
CC: (none) => lemonzest
tested same procedure as in Comment #2 (including personas, which I only forget in the above listing but tested as well) for mga2 x86_64, mga1 i586 and x86_64.No regression detected. Validate update. Please use advisory and src-rpms from Description. Could someone from sysadmin push to updates? Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO, MGA2-32-OK => MGA1TOO, MGA2-64-OK, MGA2-32-OK, MGA1-32-OK, MGA1-64-OK
Testing complete for firefox-10.0.10-1.mga and firefox-fr-10.0.10-1.mga2 on Mageia release 2 (Official) for x86_64 ,it's ok for me works fine and nothing to report.
CC: (none) => geiger.david68210
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0311
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED