Re: 0-Day: Fedora needs urgent Firefox update 131.0.2 ( current: 131.0.0 )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 10, 2024 at 11:25:30AM +0200, Alexander Sosedkin wrote:
> On Thu, Oct 10, 2024 at 11:19 AM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote:
> > I checked Koji and there seems no build in process to fix this 0-Day exploitation in firefix
> >
> > https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
> >
> > The "News" about it is already out and exploited:
> >
> > Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.
> >
> > The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.
> >
> > "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory.
> >
> > "We have had reports of this vulnerability being exploited in the wild."
> >
> >
> > Can one assist Martin and start the build process?
> >
> > I send Martin a message, in hope he read it earlier than the list / br ones.
> >
> >
> > From My POV: NoScript will negate the attack on untrusted websites. But ADs on trusted websites will be the most used way to exploit this.
> 
> Don't Panic.
> https://src.fedoraproject.org/rpms/firefox lists 131.0-2 in all branches,
> https://koji.fedoraproject.org/koji/packageinfo?packageID=37 lists a
> dozen of 131.0-2 builds as well.
> 
> Sent from a
> $ rpm -q firefox
> firefox-131.0-2.fc40.x86_64

The version with the fix is:

  firefox-131.0.2-1.fc40.x86_64

This version was in Koji this morning.  I downloaded it from there &
tested it, and added some karma to the package (along with some other
early adopters), and it's currently heading for stable.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org

-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux