Bug 7513

Summary:	[UPDATE REQUEST] nss, firefox, firefox-l10n 49.0.2 → 50.0
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Алзим <alzim>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	alzim, andrey.bondrov, v.potapov, zombie.ryushu
Version:	Fresh	Flags:	v.potapov: qa_verified+ andrey.bondrov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	https://advisories.mageia.org/MGASA-2016-0379.html
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Алзим 2016-11-17 12:09:07 MSK

New Version 50.0
https://www.mozilla.org/en-US/firefox/50.0/releasenotes/

Comment 1 Алзим 2016-11-17 12:24:20 MSK

NSS
Updated to 3.27.1
https://abf.io/build_lists/2754248
https://abf.io/build_lists/2754249

Firefox
Updated to 50.0
https://abf.io/build_lists/2754263
https://abf.io/build_lists/2754264

Firefox-l10n
Updated to 50.0
https://abf.io/build_lists/2754289
https://abf.io/build_lists/2754290

Comment 2 Vladimir Potapov 2016-11-17 14:19:42 MSK

The update is sent to expanded testing
*************************************

Comment 3 Denis Silakov 2016-11-17 20:02:53 MSK

*** Bug 7419 has been marked as a duplicate of this bug. ***

Comment 4 Zombie Ryushu 2016-11-18 01:14:34 MSK

Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066,
CVE-2016-5291, CVE-2016-5290).

A flaw was found in the way Add-on update process was handled by Firefox.
A Man-in-the-Middle attacker could use this flaw to install a malicious
signed add-on update (CVE-2016-9064).

An existing mitigation of timing side-channel attacks in NSS before 3.26.1
is insufficient in some circumstances (CVE-2016-9074).

Comment 5 Vladimir Potapov 2016-11-21 22:12:30 MSK

nss-3.27.1-1
https://abf.io/build_lists/2754248
https://abf.io/build_lists/2754249

firefox-50.0-2
https://abf.io/build_lists/2754263
https://abf.io/build_lists/2754264

firefox-l10n-50.0-2
https://abf.io/build_lists/2754289
https://abf.io/build_lists/2754290
********************** Advisory *****************************
New Version 50.0. Fix crashes and many secure fixes
*************************************************************
QA Verified