Bug 32762

NSS 3.97 seems to have been released on January 22.

Source RPM: (none) => nss, firefox, firefox-l10n

Nicolas, you being the maintainer of Firefox, assigning this to you.

Assignee: bugsquad => nicolas.salguero

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Out of bounds write in ANGLE. (CVE-2024-0741)

Failure to update user input timestamp. (CVE-2024-0742)

Crash when listing printers on Linux. (CVE-2024-0746)

Bypass of Content Security Policy when directive unsafe-inline was set. (CVE-2024-0747)

Phishing site popup could show local origin in address bar. (CVE-2024-0749)

Potential permissions request bypass via clickjacking. (CVE-2024-0750)

Privilege escalation through devtools. (CVE-2024-0751)

HSTS policy on subdomain could bypass policy of upper domain. (CVE-2024-0753)

Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. (CVE-2024-0755)

References:
https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/
========================

Updated packages in core/updates_testing:
========================
lib(64)nss3-3.97.0-1.mga9
lib(64)nss-devel-3.97.0-1.mga9
lib(64)nss-static-devel-3.97.0-1.mga9
nss-3.97.0-1.mga9
nss-doc-3.97.0-1.mga9

firefox-115.7.0-1.mga9
firefox-af-115.7.0-1.mga9
firefox-an-115.7.0-1.mga9
firefox-ar-115.7.0-1.mga9
firefox-ast-115.7.0-1.mga9
firefox-az-115.7.0-1.mga9
firefox-be-115.7.0-1.mga9
firefox-bg-115.7.0-1.mga9
firefox-bn-115.7.0-1.mga9
firefox-br-115.7.0-1.mga9
firefox-bs-115.7.0-1.mga9
firefox-ca-115.7.0-1.mga9
firefox-cs-115.7.0-1.mga9
firefox-cy-115.7.0-1.mga9
firefox-da-115.7.0-1.mga9
firefox-de-115.7.0-1.mga9
firefox-el-115.7.0-1.mga9
firefox-en_CA-115.7.0-1.mga9
firefox-en_GB-115.7.0-1.mga9
firefox-en_US-115.7.0-1.mga9
firefox-eo-115.7.0-1.mga9
firefox-es_AR-115.7.0-1.mga9
firefox-es_CL-115.7.0-1.mga9
firefox-es_ES-115.7.0-1.mga9
firefox-es_MX-115.7.0-1.mga9
firefox-et-115.7.0-1.mga9
firefox-eu-115.7.0-1.mga9
firefox-fa-115.7.0-1.mga9
firefox-ff-115.7.0-1.mga9
firefox-fi-115.7.0-1.mga9
firefox-fr-115.7.0-1.mga9
firefox-fur-115.7.0-1.mga9
firefox-fy_NL-115.7.0-1.mga9
firefox-ga_IE-115.7.0-1.mga9
firefox-gd-115.7.0-1.mga9
firefox-gl-115.7.0-1.mga9
firefox-gu_IN-115.7.0-1.mga9
firefox-he-115.7.0-1.mga9
firefox-hi_IN-115.7.0-1.mga9
firefox-hr-115.7.0-1.mga9
firefox-hsb-115.7.0-1.mga9
firefox-hu-115.7.0-1.mga9
firefox-hy_AM-115.7.0-1.mga9
firefox-ia-115.7.0-1.mga9
firefox-id-115.7.0-1.mga9
firefox-is-115.7.0-1.mga9
firefox-it-115.7.0-1.mga9
firefox-ja-115.7.0-1.mga9
firefox-ka-115.7.0-1.mga9
firefox-kab-115.7.0-1.mga9
firefox-kk-115.7.0-1.mga9
firefox-km-115.7.0-1.mga9
firefox-kn-115.7.0-1.mga9
firefox-ko-115.7.0-1.mga9
firefox-lij-115.7.0-1.mga9
firefox-lt-115.7.0-1.mga9
firefox-lv-115.7.0-1.mga9
firefox-mk-115.7.0-1.mga9
firefox-mr-115.7.0-1.mga9
firefox-ms-115.7.0-1.mga9
firefox-my-115.7.0-1.mga9
firefox-nb_NO-115.7.0-1.mga9
firefox-nl-115.7.0-1.mga9
firefox-nn_NO-115.7.0-1.mga9
firefox-oc-115.7.0-1.mga9
firefox-pa_IN-115.7.0-1.mga9
firefox-pl-115.7.0-1.mga9
firefox-pt_BR-115.7.0-1.mga9
firefox-pt_PT-115.7.0-1.mga9
firefox-ro-115.7.0-1.mga9
firefox-ru-115.7.0-1.mga9
firefox-sc-115.7.0-1.mga9
firefox-si-115.7.0-1.mga9
firefox-sk-115.7.0-1.mga9
firefox-sl-115.7.0-1.mga9
firefox-sq-115.7.0-1.mga9
firefox-sr-115.7.0-1.mga9
firefox-sv_SE-115.7.0-1.mga9
firefox-szl-115.7.0-1.mga9
firefox-ta-115.7.0-1.mga9
firefox-te-115.7.0-1.mga9
firefox-tg-115.7.0-1.mga9
firefox-th-115.7.0-1.mga9
firefox-tl-115.7.0-1.mga9
firefox-tr-115.7.0-1.mga9
firefox-uk-115.7.0-1.mga9
firefox-ur-115.7.0-1.mga9
firefox-uz-115.7.0-1.mga9
firefox-vi-115.7.0-1.mga9
firefox-xh-115.7.0-1.mga9
firefox-zh_CN-115.7.0-1.mga9
firefox-zh_TW-115.7.0-1.mga9

from SRPMS:
nss-3.97.0-1.mga9.src.rpm
firefox-115.7.0-1.mga9.src.rpm
firefox-l10n-115.7.0-1.mga9.src.rpm

CVE: (none) => CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

Mageia9, x86_64
Updated these:
lib64nss3-3.97.0-1.mga9
lib64nss-devel-3.97.0-1.mga9
lib64nss-static-devel-3.97.0-1.mga9
nss-3.97.0-1.mga9
nss-doc-3.97.0-1.mga9
firefox-en_CA-115.7.0-1.mga9
firefox-en_GB-115.7.0-1.mga9

Relaunched firefox and restored previous session.
Visited some favourite sites, skimmed Guardian article.
Searched for "dust scifi" and found a film to watch on Youtube.  Sound and video OK.  Logged in to bank and checked balances.
Fine here so far.

CC: (none) => tarazed25

Intel N4020

Installed and used it for a few hours without any issues.

CC: (none) => brtians1

mga9-64 OK for me

nvidia GTX750 using nvidia-current-535.154.05-1
kernel 6.6.14 linus and desktop, CPU Intel i7-870
The new mesa, and X11 in testing

Localisation Swedish OK
Settings and opened tabs preserved
Several banking sites, shops, and different login methods
Some video sites including YouTube

CC: (none) => fri

MGA9-64 Plasma Wayland on HP Pavillion
No isntallation issues
Usual newspaper site, youtube, webmail gmail account, all OK.

CC: (none) => herman.viaene

MGA9-64, Gnome, Xfce, Plasma

No install issues, Firefox working as expected.   I think this is ready for approval.

No install issues on two systems, working as expected.

Validating the update.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0023.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED