Mozilla Firefox Critical Update (74.0.1 and ESR 68.6.1)

anon2384191 · April 8, 2020, 5:43pm

Any idea when Mozilla Firefox 74.0.1 and ESR 68.6.1 will be available? There are two critical vulnerabilities out now: CVE-2020-6819 and CVE-2020-2820

Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/

bma · April 8, 2020, 10:34pm

Fixlets for the versions you have listed were released two days ago on April 6th.

Those have already been superseded by newer updates. Fixlets for the newer versions were released earlier today.

anon2384191 · April 9, 2020, 8:28pm

Thank you, I see them. I subscribe to besadmin-announcements emails and I see the 74.0.1 version was sent 04/06/2020, yet I just got it today, 04/09… My enterprise team may be holding these emails for some reason. I’ll look into it.

A question about relevancy with these new fixlets: starting with 74.0.1 and including 75.0, I am getting 0 relevant machines even though I pushed Firefox 74.0 using BigFix. I had to whittle the 75.0 fixlet down to just ‘exists regapp “firefox.exe” whose (product version of it < “75.0”)’ to my “almost out of the box” very basic Windows 10 machines to find the fixlet relevant.
Weird thing is, when I went back to the fixlet that BigFix pushed instead of my custom whittled down relevance, v75.0 is now populated with relevant Windows 10 machines. 74.0 is populated, yet 74.0.1 is not. Any reason why after almost 24 hours the BigFix fixlet was not relevant until I made my own custom fixlet? I have a feeling if I send out ‘exists regapp “firefox.exe” whose (product version of it < “74.0.1”)’, the 74.0.1 BigFix fixlet will be relevant as well. What’s going on here?

bma · April 10, 2020, 8:45am

Not sure when you had looked at the 74.0.1 fixlets but if we had already superseded them, they won’t be relevant.

Seeing as the Firefox 75.0 fixlets did eventually become relevant for devices, that tells me the relevance itself is correct, assuming those devices had a version of Firefox < 75.0. You can run the relevance directly on the endpoint with Fixlet Debugger or QnA to validate whether the relevance from the fixlet is correct.

This sounds more like an issue with not seeing things reflected properly in the console. It definitely should not take 24 hours for those fixlets to show relevant in your console, assuming the endpoints were subscribed to the Updates for Applications site and not powered off.

You can probably take a look at the client logs to see when the Firefox fixlets got picked up and evaluated on the endpoint.

If this is something you are consistently seeing happen, I’d advise opening a support ticket.

anon2384191 · April 10, 2020, 11:52am

Thank you, I appreciate the info!