Update firefox to fix vulnerability but repo does not have new version

Just read this article: 2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

So I went to command line and checked to see if there are any new firefox versions updated by:

sudo dnf upgrade --refresh

But the newest firefox version 97.0.2 did not show up and get updated.

What should I do? Just wait for the rpm repo to be updated?

1 Like

In general this would be the way to go.

The respective bug tickets appear to be the following

Reading the time difference of the later I would assume that due to the active exploits on one has been informed prior - so no preparation. But it seems they are working on it.

Personally I took the opportunity to switch to the flathub version: Flathub—An app store and build service for Linux

In general you probably don’t need - but as a Silverblue user this does fit better in my ecosystem.

best regards,
Theo

4 Likes

There aren’t currently any 97.0.2 builds in koji or bodhi right now, but there is a Firefox 98 build that you can try if you really need an update now and can’t wait for QA.

https://koji.fedoraproject.org/koji/packageinfo?packageID=37

Obviously, do this at your own risk.

3 Likes

I’m quite sure that the maintainers are aware of the bugs and their fixes—they work with upstream quite closely. From the commit activity, it looks like Firefox 98 is being prepared to be pushed to all Fedora releases.

https://src.fedoraproject.org/rpms/firefox/commits/rawhide

From the twitter account, it looks like its release is imminent:

2 Likes

I’m wondering whether Fedora is affected by these 0-day vulnerabilities? Perhaps not, which would explain the delay?

The Firefox update is ready to test. Please try the update and give feedback to help us get it pushed to everyone.

https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f28c7541d

1 Like

4 posts were split to a new topic: Firefox 98 is broken on arm64