| Summary: | Firefox 115.11 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, fri, herman.viaene, joselp, sysadmin-bugs, tablackwell |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | nss, firefox, firefox-l10n | CVE: | CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777 |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 33218 | ||
|
Description
Nicolas Salguero
2024-05-14 16:54:15 CEST
Nicolas Salguero
2024-05-14 16:56:34 CEST
Whiteboard:
(none) =>
MGA9TOO Suggested advisory: ======================== The updated packages fix a security vulnerability: Arbitrary JavaScript execution in PDF.js. (CVE-2024-4367) IndexedDB files retained in private browsing mode. (CVE-2024-4767) Potential permissions request bypass via clickjacking. (CVE-2024-4768) Cross-origin responses could be distinguished between script and non-script content-types. (CVE-2024-4769) Use-after-free could occur when printing to PDF. (CVE-2024-4770) Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. (CVE-2024-4777) References: https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/ https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html ======================== Updated packages in core/updates_testing: ======================== lib64nss3-3.100.0-1.mga9 lib64nss-devel-3.100.0-1.mga9 lib64nss-static-devel-3.100.0-1.mga9 nss-3.100.0-1.mga9 nss-doc-3.100.0-1.mga9 firefox-115.11.0-1.mga9 firefox-af-115.11.0-1.mga9 firefox-an-115.11.0-1.mga9 firefox-ar-115.11.0-1.mga9 firefox-ast-115.11.0-1.mga9 firefox-az-115.11.0-1.mga9 firefox-be-115.11.0-1.mga9 firefox-bg-115.11.0-1.mga9 firefox-bn-115.11.0-1.mga9 firefox-br-115.11.0-1.mga9 firefox-bs-115.11.0-1.mga9 firefox-ca-115.11.0-1.mga9 firefox-cs-115.11.0-1.mga9 firefox-cy-115.11.0-1.mga9 firefox-da-115.11.0-1.mga9 firefox-de-115.11.0-1.mga9 firefox-el-115.11.0-1.mga9 firefox-en_CA-115.11.0-1.mga9 firefox-en_GB-115.11.0-1.mga9 firefox-en_US-115.11.0-1.mga9 firefox-eo-115.11.0-1.mga9 firefox-es_AR-115.11.0-1.mga9 firefox-es_CL-115.11.0-1.mga9 firefox-es_ES-115.11.0-1.mga9 firefox-es_MX-115.11.0-1.mga9 firefox-et-115.11.0-1.mga9 firefox-eu-115.11.0-1.mga9 firefox-fa-115.11.0-1.mga9 firefox-ff-115.11.0-1.mga9 firefox-fi-115.11.0-1.mga9 firefox-fr-115.11.0-1.mga9 firefox-fur-115.11.0-1.mga9 firefox-fy_NL-115.11.0-1.mga9 firefox-ga_IE-115.11.0-1.mga9 firefox-gd-115.11.0-1.mga9 firefox-gl-115.11.0-1.mga9 firefox-gu_IN-115.11.0-1.mga9 firefox-he-115.11.0-1.mga9 firefox-hi_IN-115.11.0-1.mga9 firefox-hr-115.11.0-1.mga9 firefox-hsb-115.11.0-1.mga9 firefox-hu-115.11.0-1.mga9 firefox-hy_AM-115.11.0-1.mga9 firefox-ia-115.11.0-1.mga9 firefox-id-115.11.0-1.mga9 firefox-is-115.11.0-1.mga9 firefox-it-115.11.0-1.mga9 firefox-ja-115.11.0-1.mga9 firefox-ka-115.11.0-1.mga9 firefox-kab-115.11.0-1.mga9 firefox-kk-115.11.0-1.mga9 firefox-km-115.11.0-1.mga9 firefox-kn-115.11.0-1.mga9 firefox-ko-115.11.0-1.mga9 firefox-lij-115.11.0-1.mga9 firefox-lt-115.11.0-1.mga9 firefox-lv-115.11.0-1.mga9 firefox-mk-115.11.0-1.mga9 firefox-mr-115.11.0-1.mga9 firefox-ms-115.11.0-1.mga9 firefox-my-115.11.0-1.mga9 firefox-nb_NO-115.11.0-1.mga9 firefox-nl-115.11.0-1.mga9 firefox-nn_NO-115.11.0-1.mga9 firefox-oc-115.11.0-1.mga9 firefox-pa_IN-115.11.0-1.mga9 firefox-pl-115.11.0-1.mga9 firefox-pt_BR-115.11.0-1.mga9 firefox-pt_PT-115.11.0-1.mga9 firefox-ro-115.11.0-1.mga9 firefox-ru-115.11.0-1.mga9 firefox-sc-115.11.0-1.mga9 firefox-si-115.11.0-1.mga9 firefox-sk-115.11.0-1.mga9 firefox-sl-115.11.0-1.mga9 firefox-sq-115.11.0-1.mga9 firefox-sr-115.11.0-1.mga9 firefox-sv_SE-115.11.0-1.mga9 firefox-szl-115.11.0-1.mga9 firefox-ta-115.11.0-1.mga9 firefox-te-115.11.0-1.mga9 firefox-tg-115.11.0-1.mga9 firefox-th-115.11.0-1.mga9 firefox-tl-115.11.0-1.mga9 firefox-tr-115.11.0-1.mga9 firefox-uk-115.11.0-1.mga9 firefox-ur-115.11.0-1.mga9 firefox-uz-115.11.0-1.mga9 firefox-vi-115.11.0-1.mga9 firefox-xh-115.11.0-1.mga9 firefox-zh_CN-115.11.0-1.mga9 firefox-zh_TW-115.11.0-1.mga9 from SRPMS: nss-3.100.0-1.mga9.src.rpm firefox-115.11.0-1.mga9.src.rpm firefox-l10n-115.11.0-1.mga9.src.rpm Whiteboard:
MGA9TOO =>
(none)
katnatek
2024-05-16 04:19:22 CEST
Keywords:
(none) =>
advisory MGA9-64 Plasma Wayland on HP-Pavillion. No installation issues and it seems working normally on different sites. CC:
(none) =>
herman.viaene
Nicolas Salguero
2024-05-16 14:37:35 CEST
Blocks:
(none) =>
33218 mga9-64 OK here Plasma X11, nvidia-current on one machine, nouveau on another clean update Swedish locale Remembered settings and a hundred+ open tabs Video sites Banking sites Webshops Mageia pages :) Printing Below, see output from launching it in konsole. Probably no problem. No usage issue noted. [ettan@localhost ~]$ firefox kf.i18n: KLocalizedString: Using an empty domain, fix the code. msgid: "Mozilla Firefox" msgid_plural: "" msgctxt: "" kf.kio.core: Malformed JSON protocol file for protocol: "trash" , number of the ExtraNames fields should match the number of ExtraTypes fields [Parent 322843, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-115.11.0/toolkit/xre/nsSigHandlers.cpp:167 (firefox:322843): GLib-GIO-WARNING **: 09:45:14.772: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations. [Parent 322843, Main Thread] WARNING: g_object_ref: assertion 'G_IS_OBJECT (object)' failed: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-115.11.0/toolkit/xre/nsSigHandlers.cpp:167 (firefox:322843): GLib-GObject-CRITICAL **: 09:48:00.200: g_object_ref: assertion 'G_IS_OBJECT (object)' failed (/usr/lib64/firefox/firefox:323061): dconf-WARNING **: 09:48:00.328: Unable to open /var/lib/flatpak/exports/share/dconf/profile/user: Åtkomst nekas CC:
(none) =>
fri VM mageia 9 x86_64 updated without issues rpm -qa|grep firefox firefox-115.11.0-1.mga9 firefox-en_US-115.11.0-1.mga9 firefox-es_ES-115.11.0-1.mga9 firefox-en_GB-115.11.0-1.mga9 firefox-en_CA-115.11.0-1.mga9 firefox-es_CL-115.11.0-1.mga9 firefox-es_MX-115.11.0-1.mga9 firefox-es_AR-115.11.0-1.mga9 rpm -qa|grep nss|grep 3.100 nss-3.100.0-1.mga9 lib64nss3-3.100.0-1.mga9 facebook OK Youtube OK Post this comment from the updated firefox Hi, Installed today in Mga 9 Plasma X86_64. Works fine for the moment. Banks, settings, addons, spanish translation, digital certificates, sound and video ok. Greetings! CC:
(none) =>
joselp We have a good set of test in x86_64 Whiteboard:
(none) =>
MGA9-64-OK mga9-64, cinnamon, nouveau working as expected, i've been using it for a bunch of functions without issue. CC:
(none) =>
brtians1 M9 x86_64, xfce. Working fine. In particular I note my pre-existing citrix workspace apps continue to work without problem after the upgrade. CC:
(none) =>
tablackwell Working well in 64- bit for me, too. Validating. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0189.html Resolution:
(none) =>
FIXED |