Bug 2061284

Summary: Firefox 97.0.2 is available due to critical security bug CVE-2022-26485
Product: [Fedora] Fedora Reporter: Markus Teuber <m-teuber>
Component: firefoxAssignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 35CC: bugzilla, edgar.hoch, erack, fedora, fedoraproject, gecko-bugs-nobody, graham, jhorak, kai-engert-fedora, klaas, me, pjasicek, rebus, rhughes, rstrode, sandmann, stransky, theodor+rh, thomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: firefox-98.0-2.fc35 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-11 14:46:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Markus Teuber 2022-03-07 09:21:20 UTC
Description of problem:
Firefox 97.0.2 is available due to critical security things.

Can you please build firefox 97.0.2? Thanks for all your work and time.

Comment 2 Christian Stadelmann 2022-03-07 20:59:29 UTC
*** Bug 2061465 has been marked as a duplicate of this bug. ***

Comment 3 Graham Williamson 2022-03-08 04:09:34 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/ also references CVE-2022-26486 as well.

Comment 4 Graham Williamson 2022-03-08 04:17:40 UTC
Mozilla has also reported these zero days as being exploited in the wild.

Comment 5 Michal Ambroz 2022-03-08 11:04:18 UTC
Build in koji seems to be OK - https://koji.fedoraproject.org/koji/packageinfo?packageID=37
But it has not been submitted as update. Please can anyone with commit rights to "firefox" submit the update?

Comment 6 Klaas Weyermann 2022-03-08 14:45:56 UTC
the last koji build is not the final 98 build. So I don't think you should use that :) 98 final was released today. I'll guess stransky will update it to the final build in fedora git, then the koji build will be triggered and it'll make it's way into f34/35; 36/37 are blocked by a gcc 12 issue.

Comment 7 Edgar Hoch 2022-03-08 15:29:29 UTC
There is a new advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/

Comment 8 Fedora Update System 2022-03-11 00:07:13 UTC
FEDORA-2022-4f28c7541d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f28c7541d

Comment 9 Fedora Update System 2022-03-11 14:46:51 UTC
FEDORA-2022-4f28c7541d has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Red Hat Bugzilla 2023-09-15 01:22:37 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days