Bug 32986

excuse me assigning this to you, but you normally update these pkgs.

Assignee: bugsquad => nicolas.salguero

mga9-64 OK here, clean update
Remembered settings and a hundred+ open tabs
Swedish locale
Video sites
Banking sites
Webshops
Mageia pages :)
Printing

Seem to be OK to set to QA

Assignee: nicolas.salguero => qa-bugs
CC: (none) => fri

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Crash in NSS TLS method. (CVE-2024-0743)

JIT code failed to save return registers on Armv7-A. (CVE-2024-2607)

Integer overflow could have led to out of bounds write. (CVE-2024-2608)

Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616)

NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388)

Improper handling of html and body tags enabled CSP nonce leakage. (CVE-2024-2610)

Clickjacking vulnerability could have led to a user accidentally granting permissions. (CVE-2024-2611)

Self referencing object could have potentially led to a use-after-free. (CVE-2024-2612)

Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. (CVE-2024-2614)

References:
https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html
========================

Updated packages in core/updates_testing:
========================
lib64nss3-3.99.0-1.mga9
lib64nss-devel-3.99.0-1.mga9
lib64nss-static-devel-3.99.0-1.mga9
nss-3.99.0-1.mga9
nss-doc-3.99.0-1.mga9

firefox-115.9.0-1.mga9
firefox-af-115.9.0-1.mga9
firefox-an-115.9.0-1.mga9
firefox-ar-115.9.0-1.mga9
firefox-ast-115.9.0-1.mga9
firefox-az-115.9.0-1.mga9
firefox-be-115.9.0-1.mga9
firefox-bg-115.9.0-1.mga9
firefox-bn-115.9.0-1.mga9
firefox-br-115.9.0-1.mga9
firefox-bs-115.9.0-1.mga9
firefox-ca-115.9.0-1.mga9
firefox-cs-115.9.0-1.mga9
firefox-cy-115.9.0-1.mga9
firefox-da-115.9.0-1.mga9
firefox-de-115.9.0-1.mga9
firefox-el-115.9.0-1.mga9
firefox-en_CA-115.9.0-1.mga9
firefox-en_GB-115.9.0-1.mga9
firefox-en_US-115.9.0-1.mga9
firefox-eo-115.9.0-1.mga9
firefox-es_AR-115.9.0-1.mga9
firefox-es_CL-115.9.0-1.mga9
firefox-es_ES-115.9.0-1.mga9
firefox-es_MX-115.9.0-1.mga9
firefox-et-115.9.0-1.mga9
firefox-eu-115.9.0-1.mga9
firefox-fa-115.9.0-1.mga9
firefox-ff-115.9.0-1.mga9
firefox-fi-115.9.0-1.mga9
firefox-fr-115.9.0-1.mga9
firefox-fur-115.9.0-1.mga9
firefox-fy_NL-115.9.0-1.mga9
firefox-ga_IE-115.9.0-1.mga9
firefox-gd-115.9.0-1.mga9
firefox-gl-115.9.0-1.mga9
firefox-gu_IN-115.9.0-1.mga9
firefox-he-115.9.0-1.mga9
firefox-hi_IN-115.9.0-1.mga9
firefox-hr-115.9.0-1.mga9
firefox-hsb-115.9.0-1.mga9
firefox-hu-115.9.0-1.mga9
firefox-hy_AM-115.9.0-1.mga9
firefox-ia-115.9.0-1.mga9
firefox-id-115.9.0-1.mga9
firefox-is-115.9.0-1.mga9
firefox-it-115.9.0-1.mga9
firefox-ja-115.9.0-1.mga9
firefox-ka-115.9.0-1.mga9
firefox-kab-115.9.0-1.mga9
firefox-kk-115.9.0-1.mga9
firefox-km-115.9.0-1.mga9
firefox-kn-115.9.0-1.mga9
firefox-ko-115.9.0-1.mga9
firefox-lij-115.9.0-1.mga9
firefox-lt-115.9.0-1.mga9
firefox-lv-115.9.0-1.mga9
firefox-mk-115.9.0-1.mga9
firefox-mr-115.9.0-1.mga9
firefox-ms-115.9.0-1.mga9
firefox-my-115.9.0-1.mga9
firefox-nb_NO-115.9.0-1.mga9
firefox-nl-115.9.0-1.mga9
firefox-nn_NO-115.9.0-1.mga9
firefox-oc-115.9.0-1.mga9
firefox-pa_IN-115.9.0-1.mga9
firefox-pl-115.9.0-1.mga9
firefox-pt_BR-115.9.0-1.mga9
firefox-pt_PT-115.9.0-1.mga9
firefox-ro-115.9.0-1.mga9
firefox-ru-115.9.0-1.mga9
firefox-sc-115.9.0-1.mga9
firefox-si-115.9.0-1.mga9
firefox-sk-115.9.0-1.mga9
firefox-sl-115.9.0-1.mga9
firefox-sq-115.9.0-1.mga9
firefox-sr-115.9.0-1.mga9
firefox-sv_SE-115.9.0-1.mga9
firefox-szl-115.9.0-1.mga9
firefox-ta-115.9.0-1.mga9
firefox-te-115.9.0-1.mga9
firefox-tg-115.9.0-1.mga9
firefox-th-115.9.0-1.mga9
firefox-tl-115.9.0-1.mga9
firefox-tr-115.9.0-1.mga9
firefox-uk-115.9.0-1.mga9
firefox-ur-115.9.0-1.mga9
firefox-uz-115.9.0-1.mga9
firefox-vi-115.9.0-1.mga9
firefox-xh-115.9.0-1.mga9
firefox-zh_CN-115.9.0-1.mga9
firefox-zh_TW-115.9.0-1.mga9

from SRPMS:
nss-3.99.0-1.mga9.src.rpm
firefox-115.9.0-1.mga9.src.rpm
firefox-l10n-115.9.0-1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 9

Hi,

Updated in Mageia 9 Plasma x86_64, works fine for now, I have working for this version from yesterday. Banks, Youtube, audio and video, digital certificates, ok. Spanish translation ok, settings and addons ok.


Greetings!

CC: (none) => joselp

MGA9-32bit, Nouveau

The following 6 packages are going to be installed:

- firefox-115.9.0-1.mga9.i586
- firefox-en_CA-115.9.0-1.mga9.noarch
- firefox-en_GB-115.9.0-1.mga9.noarch
- firefox-en_US-115.9.0-1.mga9.noarch
- libnss3-3.99.0-1.mga9.i586
- nss-3.99.0-1.mga9.i586


--

restarted, browsed some pages and interactive apps - working as expected.

CC: (none) => brtians1

MGA9-64 Plasma Wayland on HP-Pavillion.
No installation issues.
No flaws detected.

CC: (none) => herman.viaene

MGA9-64 Plasma on HP Pavilion, A8-4555, AMD 7600G graphics, also on an i5-7500 with nvidia Quadro K620 graphics.

No installation issues, and no issues to report with either machine.

CC: (none) => andrewsfarm

Firefox working fine here on Mate for x64, Intel CPU and graphics.  Had to switch mirror to get it because cz.muni was out of action as second tier to coffee which TJ has already reported as down.

CC: (none) => tarazed25

Mozilla has released Firefox 115.9.1 on March 22:
https://www.mozilla.org/en-US/firefox/115.9.1/releasenotes/

Security issue fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-16/

Assignee: qa-bugs => nicolas.salguero
Summary: Firefox 115.9 => Firefox 115.9.1
CVE: CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616, CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614 => CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616, CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-29944
Keywords: advisory => (none)
Severity: major => critical

And I was just about ready to let it go. Oh, well.

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Crash in NSS TLS method. (CVE-2024-0743)

JIT code failed to save return registers on Armv7-A. (CVE-2024-2607)

Integer overflow could have led to out of bounds write. (CVE-2024-2608)

Improve handling of out-of-memory conditions in ICU. (CVE-2024-2616)

NSS susceptible to timing attack against RSA decryption. (CVE-2023-5388)

Improper handling of html and body tags enabled CSP nonce leakage. (CVE-2024-2610)

Clickjacking vulnerability could have led to a user accidentally granting permissions. (CVE-2024-2611)

Self referencing object could have potentially led to a use-after-free. (CVE-2024-2612)

Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. (CVE-2024-2614)

Privileged JavaScript Execution via Event Handlers.(CVE-2024-29944)

References:
https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/
https://www.mozilla.org/en-US/firefox/115.9.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-16/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html
========================

Updated packages in core/updates_testing:
========================
lib64nss3-3.99.0-1.mga9
lib64nss-devel-3.99.0-1.mga9
lib64nss-static-devel-3.99.0-1.mga9
nss-3.99.0-1.mga9
nss-doc-3.99.0-1.mga9

firefox-115.9.1-1.mga9
firefox-af-115.9.1-1.mga9
firefox-an-115.9.1-1.mga9
firefox-ar-115.9.1-1.mga9
firefox-ast-115.9.1-1.mga9
firefox-az-115.9.1-1.mga9
firefox-be-115.9.1-1.mga9
firefox-bg-115.9.1-1.mga9
firefox-bn-115.9.1-1.mga9
firefox-br-115.9.1-1.mga9
firefox-bs-115.9.1-1.mga9
firefox-ca-115.9.1-1.mga9
firefox-cs-115.9.1-1.mga9
firefox-cy-115.9.1-1.mga9
firefox-da-115.9.1-1.mga9
firefox-de-115.9.1-1.mga9
firefox-el-115.9.1-1.mga9
firefox-en_CA-115.9.1-1.mga9
firefox-en_GB-115.9.1-1.mga9
firefox-en_US-115.9.1-1.mga9
firefox-eo-115.9.1-1.mga9
firefox-es_AR-115.9.1-1.mga9
firefox-es_CL-115.9.1-1.mga9
firefox-es_ES-115.9.1-1.mga9
firefox-es_MX-115.9.1-1.mga9
firefox-et-115.9.1-1.mga9
firefox-eu-115.9.1-1.mga9
firefox-fa-115.9.1-1.mga9
firefox-ff-115.9.1-1.mga9
firefox-fi-115.9.1-1.mga9
firefox-fr-115.9.1-1.mga9
firefox-fur-115.9.1-1.mga9
firefox-fy_NL-115.9.1-1.mga9
firefox-ga_IE-115.9.1-1.mga9
firefox-gd-115.9.1-1.mga9
firefox-gl-115.9.1-1.mga9
firefox-gu_IN-115.9.1-1.mga9
firefox-he-115.9.1-1.mga9
firefox-hi_IN-115.9.1-1.mga9
firefox-hr-115.9.1-1.mga9
firefox-hsb-115.9.1-1.mga9
firefox-hu-115.9.1-1.mga9
firefox-hy_AM-115.9.1-1.mga9
firefox-ia-115.9.1-1.mga9
firefox-id-115.9.1-1.mga9
firefox-is-115.9.1-1.mga9
firefox-it-115.9.1-1.mga9
firefox-ja-115.9.1-1.mga9
firefox-ka-115.9.1-1.mga9
firefox-kab-115.9.1-1.mga9
firefox-kk-115.9.1-1.mga9
firefox-km-115.9.1-1.mga9
firefox-kn-115.9.1-1.mga9
firefox-ko-115.9.1-1.mga9
firefox-lij-115.9.1-1.mga9
firefox-lt-115.9.1-1.mga9
firefox-lv-115.9.1-1.mga9
firefox-mk-115.9.1-1.mga9
firefox-mr-115.9.1-1.mga9
firefox-ms-115.9.1-1.mga9
firefox-my-115.9.1-1.mga9
firefox-nb_NO-115.9.1-1.mga9
firefox-nl-115.9.1-1.mga9
firefox-nn_NO-115.9.1-1.mga9
firefox-oc-115.9.1-1.mga9
firefox-pa_IN-115.9.1-1.mga9
firefox-pl-115.9.1-1.mga9
firefox-pt_BR-115.9.1-1.mga9
firefox-pt_PT-115.9.1-1.mga9
firefox-ro-115.9.1-1.mga9
firefox-ru-115.9.1-1.mga9
firefox-sc-115.9.1-1.mga9
firefox-si-115.9.1-1.mga9
firefox-sk-115.9.1-1.mga9
firefox-sl-115.9.1-1.mga9
firefox-sq-115.9.1-1.mga9
firefox-sr-115.9.1-1.mga9
firefox-sv_SE-115.9.1-1.mga9
firefox-szl-115.9.1-1.mga9
firefox-ta-115.9.1-1.mga9
firefox-te-115.9.1-1.mga9
firefox-tg-115.9.1-1.mga9
firefox-th-115.9.1-1.mga9
firefox-tl-115.9.1-1.mga9
firefox-tr-115.9.1-1.mga9
firefox-uk-115.9.1-1.mga9
firefox-ur-115.9.1-1.mga9
firefox-uz-115.9.1-1.mga9
firefox-vi-115.9.1-1.mga9
firefox-xh-115.9.1-1.mga9
firefox-zh_CN-115.9.1-1.mga9
firefox-zh_TW-115.9.1-1.mga9

from SRPMS:
nss-3.99.0-1.mga9.src.rpm
firefox-115.9.1-1.mga9.src.rpm
firefox-l10n-115.9.1-1.mga9.src.rpm

Assignee: nicolas.salguero => qa-bugs

Still good on the hardware from Comment 7.

VM mageia 9 x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release" is up-to-date
medium "Core Updates" is up-to-date
medium "Nonfree Release" is up-to-date
medium "Nonfree Updates" is up-to-date
medium "Tainted Release" is up-to-date
medium "Tainted Updates" is up-to-date
medium "BDK-Free-x86_64" is up-to-date
medium "BDK-Free-noarch" is up-to-date
medium "BDK-NonFree-x86_64" is up-to-date


installing firefox-en_CA-115.9.1-1.mga9.noarch.rpm firefox-en_US-115.9.1-1.mga9.noarch.rpm firefox-es_ES-115.9.1-1.mga9.noarch.rpm firefox-en_GB-115.9.1-1.mga9.noarch.rpm firefox-es_MX-115.9.1-1.mga9.noarch.rpm firefox-115.9.1-1.mga9.x86_64.rpm lib64nss3-3.99.0-1.mga9.x86_64.rpm nss-3.99.0-1.mga9.x86_64.rpm firefox-es_CL-115.9.1-1.mga9.noarch.rpm firefox-es_AR-115.9.1-1.mga9.noarch.rpm from //home/qateam/qa-testing/x86_64
Preparing...                     ###########################################################################################
     1/10: nss                   ###########################################################################################
     2/10: lib64nss3             ###########################################################################################
     3/10: firefox               ###########################################################################################
     4/10: firefox-en_CA         ###########################################################################################
     5/10: firefox-en_US         ###########################################################################################
     6/10: firefox-es_ES         ###########################################################################################
     7/10: firefox-en_GB         ###########################################################################################
     8/10: firefox-es_MX         ###########################################################################################
     9/10: firefox-es_CL         ###########################################################################################
    10/10: firefox-es_AR         ###########################################################################################
     1/10: removing firefox-es_AR-115.8.0-1.mga9.noarch
                                 ###########################################################################################
     2/10: removing firefox-es_CL-115.8.0-1.mga9.noarch
                                 ###########################################################################################
     3/10: removing firefox-es_MX-115.8.0-1.mga9.noarch
                                 ###########################################################################################
     4/10: removing firefox-en_GB-115.8.0-1.mga9.noarch
                                 ###########################################################################################
     5/10: removing firefox-es_ES-115.8.0-1.mga9.noarch
                                 ###########################################################################################
     6/10: removing firefox-en_US-115.8.0-1.mga9.noarch
                                 ###########################################################################################
     7/10: removing firefox-0:115.8.0-1.mga9.x86_64
                                 ###########################################################################################
     8/10: removing firefox-en_CA-115.8.0-1.mga9.noarch
                                 ###########################################################################################
     9/10: removing lib64nss3-2:3.98.0-1.mga9.x86_64
                                 ###########################################################################################
    10/10: removing nss-2:3.98.0-1.mga9.x86_64
                                 ###########################################################################################

Updated without issues
Test browse my usual sites not issues
OK

OK for me same tests like the previous version

Whiteboard: (none) => MGA9-64-OK

I used this this morning on an HP Probook 6550b, again with no issues.

Time to let it go. Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0092.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED