Bug 1748442 - Firefox 69.0 is available
Summary: Firefox 69.0 is available
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: rawhide
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Martin Stransky
QA Contact: Fedora Extras Quality Assurance
URL: https://www.mozilla.org/en-US/firefox...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-09-03 15:12 UTC by JayJayJazz
Modified: 2019-10-06 01:27 UTC (History)
12 users (show)

Fixed In Version: firefox-69.0.1-3.fc31 firefox-69.0.1-3.fc30 firefox-69.0.1-3.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-09-21 00:03:02 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description JayJayJazz 2019-09-03 15:12:34 UTC 
Description of problem:
Firefox 69.0 is available

Version-Release number of selected component (if applicable):
69.0

Additional info:
Release Notes: https://www.mozilla.org/en-US/firefox/69.0/releasenotes/
Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/


=====
Security

- CVE-2019-11751: Malicious code execution through command line parameters
- CVE-2019-11746: Use-after-free while manipulating video
- CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
- CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
- CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
- CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
- CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
- CVE-2019-9812: Sandbox escape through Firefox Sync
- CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
- CVE-2019-11743: Cross-origin access to unload event attributes
- CVE-2019-11748: Persistence of WebRTC permissions in a third party context
- CVE-2019-11749: Camera information available without prompting using getUserMedia
- CVE-2019-5849: Out-of-bounds read in Skia
- CVE-2019-11750: Type confusion in Spidermonkey
- CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
- CVE-2019-11738: Content security policy bypass through hash-based sources in directives
- CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
- CVE-2019-11734: Memory safety bugs fixed in Firefox 69
- CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
- CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9


The builds from 2019-08-29 basically all failed. Only for F32 it was successful.
Comment 1 JayJayJazz 2019-09-05 09:30:44 UTC 
Build for F30 is ready:
https://koji.fedoraproject.org/koji/packageinfo?packageID=37

F31 is still building and F29 failed.
Comment 2 Martin Stransky 2019-09-05 15:52:56 UTC 
Yes, unfortunately the update is blocked by nss-3.45 release here, builds are in koji now.
Comment 3 Fedora Update System 2019-09-19 08:24:20 UTC 
FEDORA-2019-7ae551c2bc has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ae551c2bc
Comment 4 Fedora Update System 2019-09-19 08:24:26 UTC 
FEDORA-2019-2b6fab9eb9 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-2b6fab9eb9
Comment 5 Fedora Update System 2019-09-20 01:56:32 UTC 
firefox-69.0.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2b6fab9eb9
Comment 6 Fedora Update System 2019-09-20 02:56:29 UTC 
firefox-69.0.1-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ae551c2bc
Comment 7 Fedora Update System 2019-09-20 03:01:44 UTC 
firefox-69.0.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-1be2a38fb6
Comment 8 Fedora Update System 2019-09-20 10:14:34 UTC 
FEDORA-2019-7f7bace5b4 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7f7bace5b4
Comment 9 Fedora Update System 2019-09-20 10:14:40 UTC 
FEDORA-2019-f7d21d6ef6 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f7d21d6ef6
Comment 10 Fedora Update System 2019-09-21 00:03:02 UTC 
firefox-69.0.1-3.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2019-09-21 01:24:29 UTC 
firefox-69.0.1-3.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2019-09-21 03:04:29 UTC 
firefox-69.0.1-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-708f4d88de
Comment 13 Fedora Update System 2019-10-06 01:27:30 UTC 
firefox-69.0.1-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.