| Summary: | Firefox 102.12 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, luigiwalser, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | nss, firefox, firefox-l10n | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 31996 | ||
|
Description
Nicolas Salguero
2023-06-08 15:54:22 CEST
Nicolas Salguero
2023-06-08 15:54:45 CEST
Whiteboard:
(none) =>
MGA8TOO
Nicolas Salguero
2023-06-08 15:55:28 CEST
Severity:
normal =>
critical
David Walser
2023-06-08 16:43:11 CEST
Assignee:
bugsquad =>
luigiwalser There is also an nss update (no rootcerts or nspr updates): https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html https://firefox-source-docs.mozilla.org/security/nss/releases/index.html
David Walser
2023-06-08 22:21:02 CEST
Blocks:
(none) =>
31996 Firefox doesn't build: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/updates_testing/20230608211253.luigiwalser.duvel.2014227/firefox-102.12.0-1.mga9/build.x86_64.0.20230608211306.log Looks like a rust issue in the bundled mp4parse library. Suggested advisory: ======================== The updated packages fix security vulnerabilities: Click-jacking certificate exceptions through rendering lag. (CVE-2023-34414) Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. (CVE-2023-34416) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34414 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34416 https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html https://firefox-source-docs.mozilla.org/security/nss/releases/index.html https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ ======================== Updated packages in core/updates_testing: ======================== lib(64)nss3-3.90.0-1.mga8 lib(64)nss-devel-3.90.0-1.mga8 lib(64)nss-static-devel-3.90.0-1.mga8 nss-3.90.0-1.mga8 nss-doc-3.90.0-1.mga8 firefox-102.12.0-1.mga8 firefox-es_ES-102.12.0-1.mga8 firefox-en_CA-102.12.0-1.mga8 firefox-he-102.12.0-1.mga8 firefox-sl-102.12.0-1.mga8 firefox-te-102.12.0-1.mga8 firefox-en_GB-102.12.0-1.mga8 firefox-es_CL-102.12.0-1.mga8 firefox-tl-102.12.0-1.mga8 firefox-ja-102.12.0-1.mga8 firefox-ko-102.12.0-1.mga8 firefox-ca-102.12.0-1.mga8 firefox-kk-102.12.0-1.mga8 firefox-my-102.12.0-1.mga8 firefox-oc-102.12.0-1.mga8 firefox-de-102.12.0-1.mga8 firefox-br-102.12.0-1.mga8 firefox-ro-102.12.0-1.mga8 firefox-hu-102.12.0-1.mga8 firefox-nb_NO-102.12.0-1.mga8 firefox-sr-102.12.0-1.mga8 firefox-cy-102.12.0-1.mga8 firefox-is-102.12.0-1.mga8 firefox-it-102.12.0-1.mga8 firefox-fa-102.12.0-1.mga8 firefox-ast-102.12.0-1.mga8 firefox-xh-102.12.0-1.mga8 firefox-nl-102.12.0-1.mga8 firefox-fi-102.12.0-1.mga8 firefox-ka-102.12.0-1.mga8 firefox-hi_IN-102.12.0-1.mga8 firefox-pt_BR-102.12.0-1.mga8 firefox-zh_TW-102.12.0-1.mga8 firefox-kab-102.12.0-1.mga8 firefox-mk-102.12.0-1.mga8 firefox-hsb-102.12.0-1.mga8 firefox-tr-102.12.0-1.mga8 firefox-eu-102.12.0-1.mga8 firefox-szl-102.12.0-1.mga8 firefox-kn-102.12.0-1.mga8 firefox-gl-102.12.0-1.mga8 firefox-gu_IN-102.12.0-1.mga8 firefox-ms-102.12.0-1.mga8 firefox-et-102.12.0-1.mga8 firefox-zh_CN-102.12.0-1.mga8 firefox-fy_NL-102.12.0-1.mga8 firefox-th-102.12.0-1.mga8 firefox-hy_AM-102.12.0-1.mga8 firefox-sk-102.12.0-1.mga8 firefox-bn-102.12.0-1.mga8 firefox-el-102.12.0-1.mga8 firefox-ru-102.12.0-1.mga8 firefox-az-102.12.0-1.mga8 firefox-es_MX-102.12.0-1.mga8 firefox-ff-102.12.0-1.mga8 firefox-nn_NO-102.12.0-1.mga8 firefox-lij-102.12.0-1.mga8 firefox-bs-102.12.0-1.mga8 firefox-fr-102.12.0-1.mga8 firefox-pa_IN-102.12.0-1.mga8 firefox-be-102.12.0-1.mga8 firefox-pt_PT-102.12.0-1.mga8 firefox-en_US-102.12.0-1.mga8 firefox-sv_SE-102.12.0-1.mga8 firefox-eo-102.12.0-1.mga8 firefox-bg-102.12.0-1.mga8 firefox-ur-102.12.0-1.mga8 firefox-pl-102.12.0-1.mga8 firefox-ta-102.12.0-1.mga8 firefox-mr-102.12.0-1.mga8 firefox-id-102.12.0-1.mga8 firefox-es_AR-102.12.0-1.mga8 firefox-sq-102.12.0-1.mga8 firefox-da-102.12.0-1.mga8 firefox-vi-102.12.0-1.mga8 firefox-uk-102.12.0-1.mga8 firefox-hr-102.12.0-1.mga8 firefox-an-102.12.0-1.mga8 firefox-ga_IE-102.12.0-1.mga8 firefox-lt-102.12.0-1.mga8 firefox-si-102.12.0-1.mga8 firefox-ar-102.12.0-1.mga8 firefox-ia-102.12.0-1.mga8 firefox-uz-102.12.0-1.mga8 firefox-af-102.12.0-1.mga8 firefox-gd-102.12.0-1.mga8 firefox-cs-102.12.0-1.mga8 firefox-km-102.12.0-1.mga8 firefox-lv-102.12.0-1.mga8 from SRPMS: nss-3.90.0-1.mga8.src.rpm firefox-102.12.0-1.mga8.src.rpm firefox-l10n-102.12.0-1.mga8.src.rpm Assignee:
luigiwalser =>
qa-bugs No installation issues. Tried several sites, all were OK. CC:
(none) =>
andrewsfarm MGA8-64 MATE ON Acer Aspire 5253 No installation issues. Newspaper site with text, sound video, all OK. CC:
(none) =>
herman.viaene MGA8-64 Plasma on an HP Probook 6550b, updated to the 5.15.116-1 kernel. No installation issues. Read newspaper, tracked a package, logged onto Facebook. No issues. This looks OK to me. Validating. Advisory in comment 3. CC:
(none) =>
sysadmin-bugs
Dave Hodgins
2023-06-15 00:06:56 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0199.html Resolution:
(none) =>
FIXED |