On Thu, Oct 10, 2024 at 11:25:30AM +0200, Alexander Sosedkin wrote: > On Thu, Oct 10, 2024 at 11:19 AM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote: > > I checked Koji and there seems no build in process to fix this 0-Day exploitation in firefix > > > > https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ > > > > The "News" about it is already out and exploited: > > > > Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. > > > > The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. > > > > "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory. > > > > "We have had reports of this vulnerability being exploited in the wild." > > > > > > Can one assist Martin and start the build process? > > > > I send Martin a message, in hope he read it earlier than the list / br ones. > > > > > > From My POV: NoScript will negate the attack on untrusted websites. But ADs on trusted websites will be the most used way to exploit this. > > Don't Panic. > https://src.fedoraproject.org/rpms/firefox lists 131.0-2 in all branches, > https://koji.fedoraproject.org/koji/packageinfo?packageID=37 lists a > dozen of 131.0-2 builds as well. > > Sent from a > $ rpm -q firefox > firefox-131.0-2.fc40.x86_64 The version with the fix is: firefox-131.0.2-1.fc40.x86_64 This version was in Koji this morning. I downloaded it from there & tested it, and added some karma to the package (along with some other early adopters), and it's currently heading for stable. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue