1676712 – Firefox 65.0.1 is available

Bug 1676712 - Firefox 65.0.1 is available

Summary: Firefox 65.0.1 is available

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	rawhide
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Martin Stransky
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-02-12 22:58 UTC by JayJayJazz
Modified:	2019-02-28 20:13 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-02-28 20:13:52 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Mozilla Foundation	1506495	None	None	None	2019-02-28 20:12:30 UTC
Mozilla Foundation	1520200	None	None	None	2019-02-28 20:12:30 UTC
Mozilla Foundation	1521577	None	None	None	2019-02-28 20:12:30 UTC
Mozilla Foundation	1523427	None	None	None	2019-02-28 20:12:31 UTC
Mozilla Foundation	1523635	None	None	None	2019-02-28 20:12:31 UTC
Mozilla Foundation	1523696	None	None	None	2019-02-28 20:12:31 UTC
Mozilla Foundation	1523817	None	None	None	2019-02-28 20:12:31 UTC
Mozilla Foundation	1524500	None	None	None	2019-02-28 20:12:32 UTC
Mozilla Foundation	1525433	None	None	None	2019-02-28 20:12:32 UTC
Mozilla Foundation	1525817	None	None	None	2019-02-28 20:12:31 UTC
Mozilla Foundation	1526218	None	None	None	2019-02-28 20:12:32 UTC
Mozilla Foundation	1526387	None	None	None	2019-02-28 20:12:32 UTC
Red Hat Bugzilla	1676992	high	CLOSED	CVE-2018-18356 firefox: chromium-browser, mozilla: Use after free in Skia [fedora-all]	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1676994	high	CLOSED	CVE-2019-5785 firefox: mozilla: Integer overflow in Skia [fedora-all]	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1676997	medium	CLOSED	CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext	2021-02-22 00:41:40 UTC

Description JayJayJazz 2019-02-12 22:58:37 UTC

Description of problem:
Firefox 65.0.1 is available

Version-Release number of selected component (if applicable):
65.0.1

Actual results:
Firefox 65.0 is available in the repos.

Expected results:
Firefox 65.0.1 should be available in the repos for F28, F29 and "rawhide".

Additional info:
Firefox 65.0.1 contains three Security Fixes:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/
- CVE-2018-18356: Use-after-free in Skia
- CVE-2019-5785: Integer overflow in Skia
- CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext

Changelog:
- Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387)
- Improved playback of interactive Netflix videos (bug 1524500)
- Fixed color management not working on macOS (bug 1506495)
- Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696)
- Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817)
- Fixed video sizing problems during some WebRTC calls (bug 1520200)
- Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427)
- Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635)
- Various stability and security fixes.
- Made support for <meta> viewport tags in Responsive Design Mode, initially enabled in Firefox 64, pref-controlled and off by default (bug 1521814). To restore the previous behavior, change the devtools.responsive.metaViewport.enabled pref to true.

Comment 1 JayJayJazz 2019-02-14 12:47:51 UTC

Hi all,

any plan, when the build for Firefox 65.0.1 is ready?
The mentioned security issues in the skia library seem to be rather critical, because they can cause either an integer overflow and/or a use-after-free issue.

Chrome was also affected by this issue: https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html

Comment 2 Christian Stadelmann 2019-02-17 11:22:52 UTC

It looks like the primary maintainer of firefox is absent and no secondary maintainer does care to react. This is a pressing organizational issue!

Comment 3 JayJayJazz 2019-02-18 11:02:47 UTC

xhorak tried to build 65.0.1, but all builds failed. No update since Saturday.
Any news, when 65.0.1 is ready?

Comment 4 Martin Stransky 2019-02-18 11:04:51 UTC

I'll take care of it.

Comment 5 JayJayJazz 2019-02-28 20:13:52 UTC

Builds are available for F28 and F29. I think we can close it for now.

Note You need to log in before you can comment on or make changes to this bug.