Bug 29346

Package list in Comment 0, should be showing up on your mirrors now.  Working fine for me on Mageia 8 x86_64.

OK here mga8 x86_64, Plasma, Swedish, Nvidia current, 4 k screen
Resumed a hundred tabs from previous session, 
Video on internet, three banking sites, ...

CC: (none) => fri

MGA8-64 Plasma in Dutch on Lenovo B50
No installation issues.
Used my usual newspaper site to test on text, images, video and sound, all OK. My favorite Manamana on youtube as well.

CC: (none) => herman.viaene

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Uninitialized memory in a canvas object could have caused an incorrect free()
leading to memory corruption and a potentially exploitable crash
(CVE-2021-29980).

Instruction reordering during JIT optimization resulted in a sequence of
instructions that would cause an object to be incorrectly considered during
garbage collection. This led to memory corruption and a potentially
exploitable crash (CVE-2021-29984).

A use-after-free vulnerability in media channels could have led to memory
corruption and a potentially exploitable crash (CVE-2021-29985).

A suspected race condition when calling getaddrinfo while resolving DNS names
could have led to memory corruption and a potentially exploitable crash
(CVE-2021-29986).

Firefox incorrectly treated an inline list-item element as a block element,
resulting in an out of bounds read or memory corruption, and a potentially
exploitable crash (CVE-2021-29988).

Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and
Olli Pettay reported memory safety bugs present in Firefox ESR 78.12. Some of
these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code
(CVE-2021-29989).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/PsqVK-ngKHM
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.69_release_notes
https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/

MGA8-Plasma

The following 8 packages are going to be installed:

- firefox-78.13.0-1.mga8.x86_64
- firefox-en_CA-78.13.0-1.mga8.noarch
- firefox-en_GB-78.13.0-1.mga8.noarch
- firefox-en_US-78.13.0-1.mga8.noarch
- glibc-2.32-18.mga8.x86_64
- glibc-devel-2.32-18.mga8.x86_64
- lib64nss3-3.69.0-1.mga8.x86_64
- nss-3.69.0-1.mga8.x86_64


I've been using it a few hours with no issues.

CC: (none) => brtians1

MGA8, x86_64, Mate, nvidia

BBC weather, logged in to Mageia Bugzilla and the NAS drive on the LAN, checked Lothian Bus Tracker, played DUST scifi video on Youtube, tried a couple of NASA sites and APOD and viewed TTF fonts by linking to local Downloads directory and invoking Mate Font Viewer.  Examined gmail Inbox.

All OK here.

CC: (none) => tarazed25

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0403.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

RedHat has issued an advisory for this today (August 16):
https://access.redhat.com/errata/RHSA-2021:3154

Proper URL for NSS 3.69 release notes is now:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69.html