Bug 1676712 - Firefox 65.0.1 is available
Summary: Firefox 65.0.1 is available
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: rawhide
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Martin Stransky
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-12 22:58 UTC by JayJayJazz
Modified: 2019-02-28 20:13 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-28 20:13:52 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Mozilla Foundation 1506495 None None None 2019-02-28 20:12:30 UTC
Mozilla Foundation 1520200 None None None 2019-02-28 20:12:30 UTC
Mozilla Foundation 1521577 None None None 2019-02-28 20:12:30 UTC
Mozilla Foundation 1523427 None None None 2019-02-28 20:12:31 UTC
Mozilla Foundation 1523635 None None None 2019-02-28 20:12:31 UTC
Mozilla Foundation 1523696 None None None 2019-02-28 20:12:31 UTC
Mozilla Foundation 1523817 None None None 2019-02-28 20:12:31 UTC
Mozilla Foundation 1524500 None None None 2019-02-28 20:12:32 UTC
Mozilla Foundation 1525433 None None None 2019-02-28 20:12:32 UTC
Mozilla Foundation 1525817 None None None 2019-02-28 20:12:31 UTC
Mozilla Foundation 1526218 None None None 2019-02-28 20:12:32 UTC
Mozilla Foundation 1526387 None None None 2019-02-28 20:12:32 UTC
Red Hat Bugzilla 1676992 None NEW CVE-2018-18356 firefox: chromium-browser, mozilla: Use after free in Skia [fedora-all] 2019-02-28 20:12:30 UTC
Red Hat Bugzilla 1676994 None NEW CVE-2019-5785 firefox: mozilla: Integer overflow in Skia [fedora-all] 2019-02-28 20:12:30 UTC
Red Hat Bugzilla 1676997 None NEW CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 2019-02-28 20:12:30 UTC

Description JayJayJazz 2019-02-12 22:58:37 UTC
Description of problem:
Firefox 65.0.1 is available

Version-Release number of selected component (if applicable):
65.0.1

Actual results:
Firefox 65.0 is available in the repos.

Expected results:
Firefox 65.0.1 should be available in the repos for F28, F29 and "rawhide".

Additional info:
Firefox 65.0.1 contains three Security Fixes:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/
- CVE-2018-18356: Use-after-free in Skia
- CVE-2019-5785: Integer overflow in Skia
- CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext

Changelog:
- Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387)
- Improved playback of interactive Netflix videos (bug 1524500)
- Fixed color management not working on macOS (bug 1506495)
- Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696)
- Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817)
- Fixed video sizing problems during some WebRTC calls (bug 1520200)
- Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427)
- Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635)
- Various stability and security fixes.
- Made support for <meta> viewport tags in Responsive Design Mode, initially enabled in Firefox 64, pref-controlled and off by default (bug 1521814). To restore the previous behavior, change the devtools.responsive.metaViewport.enabled pref to true.

Comment 1 JayJayJazz 2019-02-14 12:47:51 UTC
Hi all,

any plan, when the build for Firefox 65.0.1 is ready?
The mentioned security issues in the skia library seem to be rather critical, because they can cause either an integer overflow and/or a use-after-free issue.

Chrome was also affected by this issue: https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html

Comment 2 Christian Stadelmann 2019-02-17 11:22:52 UTC
It looks like the primary maintainer of firefox is absent and no secondary maintainer does care to react. This is a pressing organizational issue!

Comment 3 JayJayJazz 2019-02-18 11:02:47 UTC
xhorak tried to build 65.0.1, but all builds failed. No update since Saturday.
Any news, when 65.0.1 is ready?

Comment 4 Martin Stransky 2019-02-18 11:04:51 UTC
I'll take care of it.

Comment 5 JayJayJazz 2019-02-28 20:13:52 UTC
Builds are available for F28 and F29. I think we can close it for now.


Note You need to log in before you can comment on or make changes to this bug.