Bug 2247311

Summary: Update Firefox in Fedora 39 Final to fix CVE-2023-5721
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: firefoxAssignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: rawhideCC: erack, gecko-bugs-nobody, jhorak, klaas, robatino, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: AcceptedBlocker
Fixed In Version: firefox-119.0-2.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-02 20:38:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2143446    

Description Adam Williamson 2023-10-31 19:36:17 UTC 
https://access.redhat.com/security/cve/CVE-2023-5721 is rated Important by Red Hat and is fixed in Firefox 119. Therefore we should update Firefox in Fedora 39 final, as this is a violation of Final criterion "The release must contain no known security bugs of 'important' or higher impact according to the Red Hat severity classification scale which cannot be satisfactorily resolved by a package update (e.g. issues during installation)." - obviously bugs in a browser that may well be used on live boot or before first update cannot be 'satisfactorily' resolved with an update.
Comment 1 Fedora Update System 2023-10-31 19:38:41 UTC 
FEDORA-2023-7915c8f546 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-7915c8f546
Comment 2 Adam Williamson 2023-10-31 20:57:11 UTC 
+3 in https://pagure.io/fedora-qa/blocker-review/issue/1431 , marking accepted.
Comment 3 Fedora Update System 2023-11-01 01:28:28 UTC 
FEDORA-2023-7915c8f546 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-7915c8f546`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-7915c8f546

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2023-11-02 20:38:11 UTC 
FEDORA-2023-7915c8f546 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.