Bug 7914 - firefox needs to be updated to 10.0.10 for security issues
: firefox needs to be updated to 10.0.10 for security issues
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
:
:
: MGA1TOO, MGA2-64-OK, MGA2-32-OK, MGA1...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-10-28 02:20 CET by David Walser
Modified: 2012-10-29 01:00 CET (History)
4 users (show)

See Also:
Source RPM: firefox-10.0.9-1.mga2.src.rpm
CVE:


Attachments

Description David Walser 2012-10-28 02:20:31 CET
RedHat has issued an advisory on October 26:
https://rhn.redhat.com/errata/RHSA-2012-1407.html

Updated packages uploaded for Mageia 1 and Mageia 2.

These include rootcerts, nspr, nss, firefox, and firefox-l10n.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Multiple flaws were found in the location object implementation in Firefox.
Malicious content could be used to perform cross-site scripting attacks,
bypass the same-origin policy, or cause Firefox to execute arbitrary code
(CVE-2012-4194, CVE-2012-4195, CVE-2012-4196).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://rhn.redhat.com/errata/RHSA-2012-1407.html
========================

Updated packages in core/updates_testing:
========================
rootcerts-20121018.00-1.mga1
rootcerts-java-20121018.00-1.mga1
libnspr4-4.9.3-1.mga1
libnspr-devel-4.9.3-1.mga1
nss-3.14-1.mga1
nss-doc-3.14-1.mga1
libnss3-3.14-1.mga1
libnss-devel-3.14-1.mga1
libnss-static-devel-3.14-1.mga1
firefox-10.0.10-1.mga1
firefox-devel-10.0.10-1.mga1
firefox-af-10.0.10-1.mga1
firefox-ar-10.0.10-1.mga1
firefox-ast-10.0.10-1.mga1
firefox-be-10.0.10-1.mga1
firefox-bg-10.0.10-1.mga1
firefox-bn_IN-10.0.10-1.mga1
firefox-bn_BD-10.0.10-1.mga1
firefox-br-10.0.10-1.mga1
firefox-bs-10.0.10-1.mga1
firefox-ca-10.0.10-1.mga1
firefox-cs-10.0.10-1.mga1
firefox-cy-10.0.10-1.mga1
firefox-da-10.0.10-1.mga1
firefox-de-10.0.10-1.mga1
firefox-el-10.0.10-1.mga1
firefox-en_GB-10.0.10-1.mga1
firefox-en_ZA-10.0.10-1.mga1
firefox-eo-10.0.10-1.mga1
firefox-es_AR-10.0.10-1.mga1
firefox-es_CL-10.0.10-1.mga1
firefox-es_ES-10.0.10-1.mga1
firefox-es_MX-10.0.10-1.mga1
firefox-et-10.0.10-1.mga1
firefox-eu-10.0.10-1.mga1
firefox-fa-10.0.10-1.mga1
firefox-fi-10.0.10-1.mga1
firefox-fr-10.0.10-1.mga1
firefox-fy-10.0.10-1.mga1
firefox-ga_IE-10.0.10-1.mga1
firefox-gd-10.0.10-1.mga1
firefox-gl-10.0.10-1.mga1
firefox-gu_IN-10.0.10-1.mga1
firefox-he-10.0.10-1.mga1
firefox-hi-10.0.10-1.mga1
firefox-hr-10.0.10-1.mga1
firefox-hu-10.0.10-1.mga1
firefox-hy-10.0.10-1.mga1
firefox-id-10.0.10-1.mga1
firefox-is-10.0.10-1.mga1
firefox-it-10.0.10-1.mga1
firefox-ja-10.0.10-1.mga1
firefox-kk-10.0.10-1.mga1
firefox-ko-10.0.10-1.mga1
firefox-kn-10.0.10-1.mga1
firefox-ku-10.0.10-1.mga1
firefox-lg-10.0.10-1.mga1
firefox-lt-10.0.10-1.mga1
firefox-lv-10.0.10-1.mga1
firefox-mai-10.0.10-1.mga1
firefox-mk-10.0.10-1.mga1
firefox-ml-10.0.10-1.mga1
firefox-mr-10.0.10-1.mga1
firefox-nb_NO-10.0.10-1.mga1
firefox-nl-10.0.10-1.mga1
firefox-nn_NO-10.0.10-1.mga1
firefox-nso-10.0.10-1.mga1
firefox-or-10.0.10-1.mga1
firefox-pa_IN-10.0.10-1.mga1
firefox-pl-10.0.10-1.mga1
firefox-pt_BR-10.0.10-1.mga1
firefox-pt_PT-10.0.10-1.mga1
firefox-ro-10.0.10-1.mga1
firefox-ru-10.0.10-1.mga1
firefox-si-10.0.10-1.mga1
firefox-sk-10.0.10-1.mga1
firefox-sl-10.0.10-1.mga1
firefox-sq-10.0.10-1.mga1
firefox-sr-10.0.10-1.mga1
firefox-sv_SE-10.0.10-1.mga1
firefox-ta-10.0.10-1.mga1
firefox-ta_LK-10.0.10-1.mga1
firefox-te-10.0.10-1.mga1
firefox-th-10.0.10-1.mga1
firefox-tr-10.0.10-1.mga1
firefox-uk-10.0.10-1.mga1
firefox-vi-10.0.10-1.mga1
firefox-zh_CN-10.0.10-1.mga1
firefox-zh_TW-10.0.10-1.mga1
firefox-zu-10.0.10-1.mga1
rootcerts-20121018.00-1.mga2
rootcerts-java-20121018.00-1.mga2
libnspr4-4.9.3-1.mga2
libnspr-devel-4.9.3-1.mga2
nss-3.14-1.mga2
nss-doc-3.14-1.mga2
libnss3-3.14-1.mga2
libnss-devel-3.14-1.mga2
libnss-static-devel-3.14-1.mga2
firefox-10.0.10-1.mga2
firefox-devel-10.0.10-1.mga2
firefox-af-10.0.10-1.mga2
firefox-ar-10.0.10-1.mga2
firefox-ast-10.0.10-1.mga2
firefox-be-10.0.10-1.mga2
firefox-bg-10.0.10-1.mga2
firefox-bn_IN-10.0.10-1.mga2
firefox-bn_BD-10.0.10-1.mga2
firefox-br-10.0.10-1.mga2
firefox-bs-10.0.10-1.mga2
firefox-ca-10.0.10-1.mga2
firefox-cs-10.0.10-1.mga2
firefox-cy-10.0.10-1.mga2
firefox-da-10.0.10-1.mga2
firefox-de-10.0.10-1.mga2
firefox-el-10.0.10-1.mga2
firefox-en_GB-10.0.10-1.mga2
firefox-en_ZA-10.0.10-1.mga2
firefox-eo-10.0.10-1.mga2
firefox-es_AR-10.0.10-1.mga2
firefox-es_CL-10.0.10-1.mga2
firefox-es_ES-10.0.10-1.mga2
firefox-es_MX-10.0.10-1.mga2
firefox-et-10.0.10-1.mga2
firefox-eu-10.0.10-1.mga2
firefox-fa-10.0.10-1.mga2
firefox-fi-10.0.10-1.mga2
firefox-fr-10.0.10-1.mga2
firefox-fy-10.0.10-1.mga2
firefox-ga_IE-10.0.10-1.mga2
firefox-gd-10.0.10-1.mga2
firefox-gl-10.0.10-1.mga2
firefox-gu_IN-10.0.10-1.mga2
firefox-he-10.0.10-1.mga2
firefox-hi-10.0.10-1.mga2
firefox-hr-10.0.10-1.mga2
firefox-hu-10.0.10-1.mga2
firefox-hy-10.0.10-1.mga2
firefox-id-10.0.10-1.mga2
firefox-is-10.0.10-1.mga2
firefox-it-10.0.10-1.mga2
firefox-ja-10.0.10-1.mga2
firefox-kk-10.0.10-1.mga2
firefox-ko-10.0.10-1.mga2
firefox-kn-10.0.10-1.mga2
firefox-ku-10.0.10-1.mga2
firefox-lg-10.0.10-1.mga2
firefox-lt-10.0.10-1.mga2
firefox-lv-10.0.10-1.mga2
firefox-mai-10.0.10-1.mga2
firefox-mk-10.0.10-1.mga2
firefox-ml-10.0.10-1.mga2
firefox-mr-10.0.10-1.mga2
firefox-nb_NO-10.0.10-1.mga2
firefox-nl-10.0.10-1.mga2
firefox-nn_NO-10.0.10-1.mga2
firefox-nso-10.0.10-1.mga2
firefox-or-10.0.10-1.mga2
firefox-pa_IN-10.0.10-1.mga2
firefox-pl-10.0.10-1.mga2
firefox-pt_BR-10.0.10-1.mga2
firefox-pt_PT-10.0.10-1.mga2
firefox-ro-10.0.10-1.mga2
firefox-ru-10.0.10-1.mga2
firefox-si-10.0.10-1.mga2
firefox-sk-10.0.10-1.mga2
firefox-sl-10.0.10-1.mga2
firefox-sq-10.0.10-1.mga2
firefox-sr-10.0.10-1.mga2
firefox-sv_SE-10.0.10-1.mga2
firefox-ta-10.0.10-1.mga2
firefox-ta_LK-10.0.10-1.mga2
firefox-te-10.0.10-1.mga2
firefox-th-10.0.10-1.mga2
firefox-tr-10.0.10-1.mga2
firefox-uk-10.0.10-1.mga2
firefox-vi-10.0.10-1.mga2
firefox-zh_CN-10.0.10-1.mga2
firefox-zh_TW-10.0.10-1.mga2
firefox-zu-10.0.10-1.mga2

from SRPMS:
rootcerts-20121018.00-1.mga1.src.rpm
nspr-4.9.3-1.mga1.src.rpm
nss-3.14-1.mga1.src.rpm
firefox-10.0.10-1.mga1.src.rpm
firefox-l10n-10.0.10-1.mga1.src.rpm
rootcerts-20121018.00-1.mga2.src.rpm
nspr-4.9.3-1.mga2.src.rpm
nss-3.14-1.mga2.src.rpm
firefox-10.0.10-1.mga2.src.rpm
firefox-l10n-10.0.10-1.mga2.src.rpm
Comment 1 Manuel Hiebel 2012-10-28 12:18:02 CET
works fine on mga1
Comment 2 Marc Lattemann 2012-10-28 12:49:37 CET
tested successfully with mga2 i586 with java, flash (over https), bookmarks, add-ons. Languages tested: DE and GB. not regression detected.
Comment 3 Simon Putt 2012-10-28 13:50:25 CET
Tested https/ftp, flash games, youtube in HD 1080p, no stutters there, java apps/tests. No regressions in my extensions/plugins

MGA2, x86_64

Simon/Lemonzest
Comment 4 Marc Lattemann 2012-10-28 14:17:40 CET
tested same procedure as in Comment #2 (including personas, which I only forget in the above listing but tested as well) for mga2 x86_64, mga1 i586 and x86_64.No regression detected.
Validate update. Please use advisory and src-rpms from Description.

Could someone from sysadmin push to updates? Thanks
Comment 5 David GEIGER 2012-10-28 21:42:35 CET
Testing complete for firefox-10.0.10-1.mga and firefox-fr-10.0.10-1.mga2 on Mageia release 2 (Official) for x86_64 ,it's ok for me works fine and nothing to report.
Comment 6 Thomas Backlund 2012-10-29 01:00:33 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0311

Note You need to log in before you can comment on or make changes to this bug.