Bug 2061284 - Firefox 97.0.2 is available due to critical security bug CVE-2022-26485 [NEEDINFO]
Summary: Firefox 97.0.2 is available due to critical security bug CVE-2022-26485
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 35
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
: 2061465 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2022-03-07 09:21 UTC by Markus Teuber
Modified: 2022-03-11 14:46 UTC (History)
19 users (show)

Fixed In Version: firefox-98.0-2.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-03-11 14:46:51 UTC
Type: Bug
klaas: needinfo? (stransky)

Attachments (Terms of Use)

Description Markus Teuber 2022-03-07 09:21:20 UTC
Description of problem:
Firefox 97.0.2 is available due to critical security things.

Can you please build firefox 97.0.2? Thanks for all your work and time.

Comment 2 Christian Stadelmann 2022-03-07 20:59:29 UTC
*** Bug 2061465 has been marked as a duplicate of this bug. ***

Comment 3 Graham Williamson 2022-03-08 04:09:34 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/ also references CVE-2022-26486 as well.

Comment 4 Graham Williamson 2022-03-08 04:17:40 UTC
Mozilla has also reported these zero days as being exploited in the wild.

Comment 5 Michal Ambroz 2022-03-08 11:04:18 UTC
Build in koji seems to be OK - https://koji.fedoraproject.org/koji/packageinfo?packageID=37
But it has not been submitted as update. Please can anyone with commit rights to "firefox" submit the update?

Comment 6 Klaas Demter 2022-03-08 14:45:56 UTC
the last koji build is not the final 98 build. So I don't think you should use that :) 98 final was released today. I'll guess stransky will update it to the final build in fedora git, then the koji build will be triggered and it'll make it's way into f34/35; 36/37 are blocked by a gcc 12 issue.

Comment 7 Edgar Hoch 2022-03-08 15:29:29 UTC
There is a new advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/

Comment 8 Fedora Update System 2022-03-11 00:07:13 UTC
FEDORA-2022-4f28c7541d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f28c7541d

Comment 9 Fedora Update System 2022-03-11 14:46:51 UTC
FEDORA-2022-4f28c7541d has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.