| Summary: | Firefox 115.4 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, fri, herman.viaene, joselp, marja11, nicolas.salguero, sysadmin-bugs, xerxes2 |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-32-OK MGA9-32-OK | ||
| Source RPM: | nss, firefox, firefox-l10n | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 32478 | ||
|
Description
Nicolas Salguero
2023-11-02 13:58:48 CET
Moreover Mozilla has released NSS 3.94 on October 2:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html

Whiteboard:
(none) =>
MGA9TOO
Nicolas Salguero
2023-11-02 14:03:07 CET
Blocks:
(none) =>
32478

Nicolas, once again changing you from CC to assignee as it is you who updates Firefox. Please re-assign it if that is not right.

Assignee:
bugsquad =>
nicolas.salguero

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)

Address bar spoofing via bidirectional characters. (CVE-2023-5732)

Large WebGL draw could have led to a crash. (CVE-2023-5724)

WebExtensions could open arbitrary URLs. (CVE-2023-5725)

Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728)

Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1. (CVE-2023-5730)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5730
https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html
========================

Updated packages in core/updates_testing:
========================
lib(64)nss3-3.94.0-1.mga9
lib(64)nss-devel-3.94.0-1.mga9
lib(64)nss-static-devel-3.94.0-1.mga9
nss-3.94.0-1.mga9
nss-doc-3.94.0-1.mga9
firefox-115.4.0-1.mga9
firefox-af-115.4.0-1.mga9
firefox-an-115.4.0-1.mga9
firefox-ar-115.4.0-1.mga9
firefox-ast-115.4.0-1.mga9
firefox-az-115.4.0-1.mga9
firefox-be-115.4.0-1.mga9
firefox-bg-115.4.0-1.mga9
firefox-bn-115.4.0-1.mga9
firefox-br-115.4.0-1.mga9
firefox-bs-115.4.0-1.mga9
firefox-ca-115.4.0-1.mga9
firefox-cs-115.4.0-1.mga9
firefox-cy-115.4.0-1.mga9
firefox-da-115.4.0-1.mga9
firefox-de-115.4.0-1.mga9
firefox-el-115.4.0-1.mga9
firefox-en_CA-115.4.0-1.mga9
firefox-en_GB-115.4.0-1.mga9
firefox-en_US-115.4.0-1.mga9
firefox-eo-115.4.0-1.mga9
firefox-es_AR-115.4.0-1.mga9
firefox-es_CL-115.4.0-1.mga9
firefox-es_ES-115.4.0-1.mga9
firefox-es_MX-115.4.0-1.mga9
firefox-et-115.4.0-1.mga9
firefox-eu-115.4.0-1.mga9
firefox-fa-115.4.0-1.mga9
firefox-ff-115.4.0-1.mga9
firefox-fi-115.4.0-1.mga9
firefox-fr-115.4.0-1.mga9
firefox-fur-115.4.0-1.mga9
firefox-fy_NL-115.4.0-1.mga9
firefox-ga_IE-115.4.0-1.mga9
firefox-gd-115.4.0-1.mga9
firefox-gl-115.4.0-1.mga9
firefox-gu_IN-115.4.0-1.mga9
firefox-he-115.4.0-1.mga9
firefox-hi_IN-115.4.0-1.mga9
firefox-hr-115.4.0-1.mga9
firefox-hsb-115.4.0-1.mga9
firefox-hu-115.4.0-1.mga9
firefox-hy_AM-115.4.0-1.mga9
firefox-ia-115.4.0-1.mga9
firefox-id-115.4.0-1.mga9
firefox-is-115.4.0-1.mga9
firefox-it-115.4.0-1.mga9
firefox-ja-115.4.0-1.mga9
firefox-ka-115.4.0-1.mga9
firefox-kab-115.4.0-1.mga9
firefox-kk-115.4.0-1.mga9
firefox-km-115.4.0-1.mga9
firefox-kn-115.4.0-1.mga9
firefox-ko-115.4.0-1.mga9
firefox-lij-115.4.0-1.mga9
firefox-lt-115.4.0-1.mga9
firefox-lv-115.4.0-1.mga9
firefox-mk-115.4.0-1.mga9
firefox-mr-115.4.0-1.mga9
firefox-ms-115.4.0-1.mga9
firefox-my-115.4.0-1.mga9
firefox-nb_NO-115.4.0-1.mga9
firefox-nl-115.4.0-1.mga9
firefox-nn_NO-115.4.0-1.mga9
firefox-oc-115.4.0-1.mga9
firefox-pa_IN-115.4.0-1.mga9
firefox-pl-115.4.0-1.mga9
firefox-pt_BR-115.4.0-1.mga9
firefox-pt_PT-115.4.0-1.mga9
firefox-ro-115.4.0-1.mga9
firefox-ru-115.4.0-1.mga9
firefox-sc-115.4.0-1.mga9
firefox-si-115.4.0-1.mga9
firefox-sk-115.4.0-1.mga9
firefox-sl-115.4.0-1.mga9
firefox-sq-115.4.0-1.mga9
firefox-sr-115.4.0-1.mga9
firefox-sv_SE-115.4.0-1.mga9
firefox-szl-115.4.0-1.mga9
firefox-ta-115.4.0-1.mga9
firefox-te-115.4.0-1.mga9
firefox-tg-115.4.0-1.mga9
firefox-th-115.4.0-1.mga9
firefox-tl-115.4.0-1.mga9
firefox-tr-115.4.0-1.mga9
firefox-uk-115.4.0-1.mga9
firefox-ur-115.4.0-1.mga9
firefox-uz-115.4.0-1.mga9
firefox-vi-115.4.0-1.mga9
firefox-xh-115.4.0-1.mga9
firefox-zh_CN-115.4.0-1.mga9
firefox-zh_TW-115.4.0-1.mga9

from SRPMS:
nss-3.94.0-1.mga9.src.rpm
firefox-115.4.0-1.mga9.src.rpm
firefox-l10n-115.4.0-1.mga9.src.rpm

Status:
NEW =>
ASSIGNED

Advisory from comment 3 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".

Keywords:
(none) =>
advisory

MGA9-64 Xfce on Acer Aspire 5253
No installation issues.
Usual newspaper site, YouTube, bank site, all OK.

CC:
(none) =>
herman.viaene

Could you please consider adding support for Wayland in the next build?

--enable-default-toolkit=cairo-gtk3-wayland

CC:
(none) =>
xerxes2

mga9-64 OK for me
Plasma X11, nvidia470 on GTX750, kernel-linus-6.4.16-5, Intel i7-870
Localisation (Swedish) OK
Restored tabs, about 100
My usual test of some banking, shops, and video sites

----
Some warnings appear on launch:
(I have seen the GLib-GIO-WARNING from other applications)

$ firefox
kf.i18n: KLocalizedString: Using an empty domain, fix the code. msgid: "Mozilla Firefox" msgid_plural: "" msgctxt: ""
kf.kio.core: Malformed JSON protocol file for protocol: "trash" , number of the ExtraNames fields should match the number of ExtraTypes fields
[Parent 1332539, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-115.4.0/toolkit/xre/nsSigHandlers.cpp:167

(firefox:1332539): GLib-GIO-WARNING **: 15:40:19.923: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.

CC:
(none) =>
fri

MGA9-64 Plasma. No installation issues.

I don't normally launch Firefox from the command line, but if I do I see warnings similar to the ones Morgan is seeing. It doesn't seem to affect function, though, as all websites that I tried worked perfectly.

CC:
(none) =>
andrewsfarm

Hi,

Installed in Mga9 Plasma X86-64. Works fine for me for the moment.

Video and audio ok.
Banks ok.
Settings and Spanish translation ok.
Digital certificates ok.
Sync account ok.

CC:
(none) =>
joselp

MGA9-64 Plasma on an HP Pavilion 15. Updated US English versions of Firefox and Thunderbird in one operation, with no installation issues. No operational issues to report, either.

MGA9-32 Xfce on an HP Probook 6550b, using the server kernel. Also MGA9-32 Xfce on real 32-bit hardware, Foolishness - my Dell Inspiron 5100. No issues with either system.

Giving this OKs on both arches, and validating.

Whiteboard:
(none) =>
MGA9-32-OK MGA9-32-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0308.html

Status:
ASSIGNED =>
RESOLVED |