2061284 – Firefox 97.0.2 is available due to critical security bug CVE-2022-26485

Bug 2061284 - Firefox 97.0.2 is available due to critical security bug CVE-2022-26485 [NEEDINFO]

Summary: Firefox 97.0.2 is available due to critical security bug CVE-2022-26485

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	35
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Gecko Maintainer
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2061465 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-07 09:21 UTC by Markus Teuber
Modified:	2022-03-11 14:46 UTC (History)
CC List:	19 users (show)
Fixed In Version:	firefox-98.0-2.fc35
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-11 14:46:51 UTC
Type:	Bug
Dependent Products:
Flags:	klaas: needinfo? (stransky)

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Markus Teuber 2022-03-07 09:21:20 UTC

Description of problem:
Firefox 97.0.2 is available due to critical security things.

Can you please build firefox 97.0.2? Thanks for all your work and time.

Comment 1 Edgar Hoch 2022-03-07 09:40:30 UTC

See https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/

Comment 2 Christian Stadelmann 2022-03-07 20:59:29 UTC

*** Bug 2061465 has been marked as a duplicate of this bug. ***

Comment 3 Graham Williamson 2022-03-08 04:09:34 UTC

https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/ also references CVE-2022-26486 as well.

Comment 4 Graham Williamson 2022-03-08 04:17:40 UTC

Mozilla has also reported these zero days as being exploited in the wild.

Comment 5 Michal Ambroz 2022-03-08 11:04:18 UTC

Build in koji seems to be OK - https://koji.fedoraproject.org/koji/packageinfo?packageID=37
But it has not been submitted as update. Please can anyone with commit rights to "firefox" submit the update?

Comment 6 Klaas Demter 2022-03-08 14:45:56 UTC

the last koji build is not the final 98 build. So I don't think you should use that :) 98 final was released today. I'll guess stransky will update it to the final build in fedora git, then the koji build will be triggered and it'll make it's way into f34/35; 36/37 are blocked by a gcc 12 issue.

Comment 7 Edgar Hoch 2022-03-08 15:29:29 UTC

There is a new advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/

Comment 8 Fedora Update System 2022-03-11 00:07:13 UTC

FEDORA-2022-4f28c7541d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f28c7541d

Comment 9 Fedora Update System 2022-03-11 14:46:51 UTC

FEDORA-2022-4f28c7541d has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.