Bug 30583

Summary: Firefox 91.11
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, davidwhodgins, fri, herman.viaene, joselp, nicolas.salguero, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: rootcerts, nss, firefox CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 30587    

Description David Walser 2022-06-27 23:05:17 CEST 
Mozilla has released Firefox 91.11.0 today (June 27):
https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/

The release notes have not been posted yet.

There are also rootcerts and nss updates:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/EvvZnF-wh14
https://firefox-source-docs.mozilla.org/security/nss/releases/index.html
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html

Package list should be as follows.

Updated packages in core/updates_testing:
========================================
rootcerts-20220610.00-1.mga8
rootcerts-java-20220610.00-1.mga8
nss-3.80.0-1.mga8
nss-doc-3.80.0-1.mga8
libnss3-3.80.0-1.mga8
libnss-devel-3.80.0-1.mga8
libnss-static-devel-3.80.0-1.mga8
firefox-91.11.0-1.mga8
firefox-ru-91.11.0-1.mga8
firefox-uk-91.11.0-1.mga8
firefox-be-91.11.0-1.mga8
firefox-el-91.11.0-1.mga8
firefox-kk-91.11.0-1.mga8
firefox-th-91.11.0-1.mga8
firefox-pa_IN-91.11.0-1.mga8
firefox-ka-91.11.0-1.mga8
firefox-ja-91.11.0-1.mga8
firefox-bg-91.11.0-1.mga8
firefox-sr-91.11.0-1.mga8
firefox-hy_AM-91.11.0-1.mga8
firefox-ko-91.11.0-1.mga8
firefox-zh_TW-91.11.0-1.mga8
firefox-vi-91.11.0-1.mga8
firefox-zh_CN-91.11.0-1.mga8
firefox-hu-91.11.0-1.mga8
firefox-bn-91.11.0-1.mga8
firefox-hi_IN-91.11.0-1.mga8
firefox-ar-91.11.0-1.mga8
firefox-sk-91.11.0-1.mga8
firefox-cs-91.11.0-1.mga8
firefox-ur-91.11.0-1.mga8
firefox-hsb-91.11.0-1.mga8
firefox-lt-91.11.0-1.mga8
firefox-te-91.11.0-1.mga8
firefox-fr-91.11.0-1.mga8
firefox-he-91.11.0-1.mga8
firefox-pl-91.11.0-1.mga8
firefox-sq-91.11.0-1.mga8
firefox-fa-91.11.0-1.mga8
firefox-de-91.11.0-1.mga8
firefox-oc-91.11.0-1.mga8
firefox-tr-91.11.0-1.mga8
firefox-kab-91.11.0-1.mga8
firefox-es_MX-91.11.0-1.mga8
firefox-es_AR-91.11.0-1.mga8
firefox-es_CL-91.11.0-1.mga8
firefox-pt_PT-91.11.0-1.mga8
firefox-fy_NL-91.11.0-1.mga8
firefox-pt_BR-91.11.0-1.mga8
firefox-gl-91.11.0-1.mga8
firefox-cy-91.11.0-1.mga8
firefox-sv_SE-91.11.0-1.mga8
firefox-gd-91.11.0-1.mga8
firefox-km-91.11.0-1.mga8
firefox-ro-91.11.0-1.mga8
firefox-mr-91.11.0-1.mga8
firefox-gu_IN-91.11.0-1.mga8
firefox-hr-91.11.0-1.mga8
firefox-sl-91.11.0-1.mga8
firefox-nl-91.11.0-1.mga8
firefox-es_ES-91.11.0-1.mga8
firefox-eo-91.11.0-1.mga8
firefox-ca-91.11.0-1.mga8
firefox-da-91.11.0-1.mga8
firefox-fi-91.11.0-1.mga8
firefox-eu-91.11.0-1.mga8
firefox-ia-91.11.0-1.mga8
firefox-nn_NO-91.11.0-1.mga8
firefox-nb_NO-91.11.0-1.mga8
firefox-br-91.11.0-1.mga8
firefox-id-91.11.0-1.mga8
firefox-tl-91.11.0-1.mga8
firefox-my-91.11.0-1.mga8
firefox-ta-91.11.0-1.mga8
firefox-en_GB-91.11.0-1.mga8
firefox-szl-91.11.0-1.mga8
firefox-en_CA-91.11.0-1.mga8
firefox-an-91.11.0-1.mga8
firefox-ast-91.11.0-1.mga8
firefox-kn-91.11.0-1.mga8
firefox-az-91.11.0-1.mga8
firefox-si-91.11.0-1.mga8
firefox-en_US-91.11.0-1.mga8
firefox-et-91.11.0-1.mga8
firefox-ff-91.11.0-1.mga8
firefox-lij-91.11.0-1.mga8
firefox-uz-91.11.0-1.mga8
firefox-is-91.11.0-1.mga8nss-3.80.0-1.mga8
nss-doc-3.80.0-1.mga8
libnss3-3.80.0-1.mga8
libnss-devel-3.80.0-1.mga8
libnss-static-devel-3.80.0-1.mga8
firefox-91.11.0-1.mga8
firefox-ru-91.11.0-1.mga8
firefox-uk-91.11.0-1.mga8
firefox-be-91.11.0-1.mga8
firefox-el-91.11.0-1.mga8
firefox-kk-91.11.0-1.mga8
firefox-th-91.11.0-1.mga8
firefox-pa_IN-91.11.0-1.mga8
firefox-ka-91.11.0-1.mga8
firefox-ja-91.11.0-1.mga8
firefox-bg-91.11.0-1.mga8
firefox-sr-91.11.0-1.mga8
firefox-hy_AM-91.11.0-1.mga8
firefox-ko-91.11.0-1.mga8
firefox-zh_TW-91.11.0-1.mga8
firefox-vi-91.11.0-1.mga8
firefox-zh_CN-91.11.0-1.mga8
firefox-hu-91.11.0-1.mga8
firefox-bn-91.11.0-1.mga8
firefox-hi_IN-91.11.0-1.mga8
firefox-ar-91.11.0-1.mga8
firefox-sk-91.11.0-1.mga8
firefox-cs-91.11.0-1.mga8
firefox-ur-91.11.0-1.mga8
firefox-hsb-91.11.0-1.mga8
firefox-lt-91.11.0-1.mga8
firefox-te-91.11.0-1.mga8
firefox-fr-91.11.0-1.mga8
firefox-he-91.11.0-1.mga8
firefox-pl-91.11.0-1.mga8
firefox-sq-91.11.0-1.mga8
firefox-fa-91.11.0-1.mga8
firefox-de-91.11.0-1.mga8
firefox-oc-91.11.0-1.mga8
firefox-tr-91.11.0-1.mga8
firefox-kab-91.11.0-1.mga8
firefox-es_MX-91.11.0-1.mga8
firefox-es_AR-91.11.0-1.mga8
firefox-es_CL-91.11.0-1.mga8
firefox-pt_PT-91.11.0-1.mga8
firefox-fy_NL-91.11.0-1.mga8
firefox-pt_BR-91.11.0-1.mga8
firefox-gl-91.11.0-1.mga8
firefox-cy-91.11.0-1.mga8
firefox-sv_SE-91.11.0-1.mga8
firefox-gd-91.11.0-1.mga8
firefox-km-91.11.0-1.mga8
firefox-ro-91.11.0-1.mga8
firefox-mr-91.11.0-1.mga8
firefox-gu_IN-91.11.0-1.mga8
firefox-hr-91.11.0-1.mga8
firefox-sl-91.11.0-1.mga8
firefox-nl-91.11.0-1.mga8
firefox-es_ES-91.11.0-1.mga8
firefox-eo-91.11.0-1.mga8
firefox-ca-91.11.0-1.mga8
firefox-da-91.11.0-1.mga8
firefox-fi-91.11.0-1.mga8
firefox-eu-91.11.0-1.mga8
firefox-ia-91.11.0-1.mga8
firefox-nn_NO-91.11.0-1.mga8
firefox-nb_NO-91.11.0-1.mga8
firefox-br-91.11.0-1.mga8
firefox-id-91.11.0-1.mga8
firefox-tl-91.11.0-1.mga8
firefox-my-91.11.0-1.mga8
firefox-ta-91.11.0-1.mga8
firefox-en_GB-91.11.0-1.mga8
firefox-szl-91.11.0-1.mga8
firefox-en_CA-91.11.0-1.mga8
firefox-an-91.11.0-1.mga8
firefox-ast-91.11.0-1.mga8
firefox-kn-91.11.0-1.mga8
firefox-az-91.11.0-1.mga8
firefox-si-91.11.0-1.mga8
firefox-en_US-91.11.0-1.mga8
firefox-et-91.11.0-1.mga8
firefox-ff-91.11.0-1.mga8
firefox-lij-91.11.0-1.mga8
firefox-uz-91.11.0-1.mga8
firefox-is-91.11.0-1.mga8
firefox-mk-91.11.0-1.mga8
firefox-lv-91.11.0-1.mga8
firefox-bs-91.11.0-1.mga8
firefox-ga_IE-91.11.0-1.mga8
firefox-it-91.11.0-1.mga8
firefox-ms-91.11.0-1.mga8
firefox-xh-91.11.0-1.mga8
firefox-af-91.11.0-1.mga8

from SRPMS:
rootcerts-20220610.00-1.mga8.src.rpm
nss-3.80.0-1.mga8.src.rpm
firefox-91.11.0-1.mga8.src.rpm
firefox-l10n-91.11.0-1.mga8.src.rpm
Comment 1 David Walser 2022-06-28 15:33:20 CEST 
Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

If an object prototype was corrupted by an attacker, they would have been able
to set undesired attributes on a JavaScript object, leading to privileged code
execution (CVE-2022-2200).

An attacker could have injected CSS into stylesheets accessible via internal
URIs, such as resource:, and in doing so bypass a page's Content Security
Policy (CVE-2022-31744).

Content Security Policy sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI. An iframe that was not permitted to run
scripts could do so if the user clicked on a javascript: link
(CVE-2022-34468).

Navigations between XML documents may have led to a use-after-free in
nsSHistory and potentially exploitable crash (CVE-2022-34470).

If there was a PAC URL set and the server that hosts the PAC was not
reachable, OCSP requests would have been blocked, resulting in incorrect error
pages being shown (CVE-2022-34472).

A malicious website that could create a popup could have resized the popup to
overlay the address bar with its own content, resulting in potential user
confusion or spoofing attacks (CVE-2022-34479).

In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could
have occurred when the number of elements to replace was too large for the
container (CVE-2022-34481).

The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox
ESR 91.10. Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been exploited to run
arbitrary code (CVE-2022-34484).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/EvvZnF-wh14
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/

Assignee: luigiwalser => qa-bugs

Comment 2 Herman Viaene 2022-06-28 17:15:02 CEST 
MGA8-64 Plasma on Acer Aspire 5253
No installation issues.
Surfing and searching, I cann't find anything wrong.

CC: (none) => herman.viaene

Comment 3 Jose Manuel López 2022-06-28 17:27:35 CEST 
Mga8-x64 on Vbox Asus Laptop
No installation issues.
Web ok, banks ok, video and audio ok. All ok for the moment.

CC: (none) => joselp

Comment 4 Morgan Leijström 2022-06-28 18:03:29 CEST 
mga8-64, Plasma, nvidia-current, intel i7
Swedish localisation
Settings and tabs kept
Used a few banks and shops, played some video sites

CC: (none) => fri

Comment 5 sturmvogel 2022-06-29 11:44:49 CEST 
*** Bug 30587 has been marked as a duplicate of this bug. ***

CC: (none) => nicolas.salguero

Nicolas Salguero 2022-06-29 14:18:30 CEST

Blocks: (none) => 30587

Comment 6 Thomas Andrews 2022-07-01 15:48:36 CEST 
Looks good here, too. OKing, and validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Comment 7 David Walser 2022-07-01 15:52:37 CEST 
RedHat has issued an advisory for this on June 30:
https://access.redhat.com/errata/RHSA-2022:5469
Dave Hodgins 2022-07-04 23:27:54 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2022-07-05 21:12:38 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0251.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED