| Summary: | Firefox 115.12 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, fri, joselp, sysadmin-bugs, tablackwell, tarazed25 |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | nss, firefox, firefox-l10n | CVE: | CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700 |
| Status comment: | |||
|
Description
Nicolas Salguero
2024-06-11 16:22:46 CEST
Nicolas Salguero
2024-06-11 16:24:41 CEST
Source RPM:
(none) =>
nss, firefox, firefox-l10n There is also a new version of rootcerts: 20240608 Source RPM:
nss, firefox, firefox-l10n =>
rootcerts, nss, firefox, firefox-l10n Actually, certdata.txt was not modified so there is no new version of rootcerts. Source RPM:
rootcerts, nss, firefox, firefox-l10n =>
nss, firefox, firefox-l10n Handing this over to you, Nicolas. Pass it to pkg-bugs if you prefer. Assignee:
bugsquad =>
nicolas.salguero Suggested advisory: ======================== The updated packages fix a security vulnerability: Use-after-free in networking. (CVE-2024-5702) Use-after-free in JavaScript object transplant. (CVE-2024-5688) External protocol handlers leaked by timing attack. (CVE-2024-5690) Sandboxed iframes were able to bypass sandbox restrictions to open a new window. (CVE-2024-5691) Cross-Origin Image leak via Offscreen Canvas. (CVE-2024-5693) Memory Corruption in Text Fragments. (CVE-2024-5696) Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. (CVE-2024-5700) References: https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/ https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_101.html ======================== Updated packages in core/updates_testing: ======================== lib64nss3-3.101.0-1.mga9 lib64nss-devel-3.101.0-1.mga9 lib64nss-static-devel-3.101.0-1.mga9 nss-3.101.0-1.mga9 nss-doc-3.101.0-1.mga9 firefox-115.12.0-1.mga9 firefox-af-115.12.0-1.mga9 firefox-an-115.12.0-1.mga9 firefox-ar-115.12.0-1.mga9 firefox-ast-115.12.0-1.mga9 firefox-az-115.12.0-1.mga9 firefox-be-115.12.0-1.mga9 firefox-bg-115.12.0-1.mga9 firefox-bn-115.12.0-1.mga9 firefox-br-115.12.0-1.mga9 firefox-bs-115.12.0-1.mga9 firefox-ca-115.12.0-1.mga9 firefox-cs-115.12.0-1.mga9 firefox-cy-115.12.0-1.mga9 firefox-da-115.12.0-1.mga9 firefox-de-115.12.0-1.mga9 firefox-el-115.12.0-1.mga9 firefox-en_CA-115.12.0-1.mga9 firefox-en_GB-115.12.0-1.mga9 firefox-en_US-115.12.0-1.mga9 firefox-eo-115.12.0-1.mga9 firefox-es_AR-115.12.0-1.mga9 firefox-es_CL-115.12.0-1.mga9 firefox-es_ES-115.12.0-1.mga9 firefox-es_MX-115.12.0-1.mga9 firefox-et-115.12.0-1.mga9 firefox-eu-115.12.0-1.mga9 firefox-fa-115.12.0-1.mga9 firefox-ff-115.12.0-1.mga9 firefox-fi-115.12.0-1.mga9 firefox-fr-115.12.0-1.mga9 firefox-fur-115.12.0-1.mga9 firefox-fy_NL-115.12.0-1.mga9 firefox-ga_IE-115.12.0-1.mga9 firefox-gd-115.12.0-1.mga9 firefox-gl-115.12.0-1.mga9 firefox-gu_IN-115.12.0-1.mga9 firefox-he-115.12.0-1.mga9 firefox-hi_IN-115.12.0-1.mga9 firefox-hr-115.12.0-1.mga9 firefox-hsb-115.12.0-1.mga9 firefox-hu-115.12.0-1.mga9 firefox-hy_AM-115.12.0-1.mga9 firefox-ia-115.12.0-1.mga9 firefox-id-115.12.0-1.mga9 firefox-is-115.12.0-1.mga9 firefox-it-115.12.0-1.mga9 firefox-ja-115.12.0-1.mga9 firefox-ka-115.12.0-1.mga9 firefox-kab-115.12.0-1.mga9 firefox-kk-115.12.0-1.mga9 firefox-km-115.12.0-1.mga9 firefox-kn-115.12.0-1.mga9 firefox-ko-115.12.0-1.mga9 firefox-lij-115.12.0-1.mga9 firefox-lt-115.12.0-1.mga9 firefox-lv-115.12.0-1.mga9 firefox-mk-115.12.0-1.mga9 firefox-mr-115.12.0-1.mga9 firefox-ms-115.12.0-1.mga9 firefox-my-115.12.0-1.mga9 firefox-nb_NO-115.12.0-1.mga9 firefox-nl-115.12.0-1.mga9 firefox-nn_NO-115.12.0-1.mga9 firefox-oc-115.12.0-1.mga9 firefox-pa_IN-115.12.0-1.mga9 firefox-pl-115.12.0-1.mga9 firefox-pt_BR-115.12.0-1.mga9 firefox-pt_PT-115.12.0-1.mga9 firefox-ro-115.12.0-1.mga9 firefox-ru-115.12.0-1.mga9 firefox-sc-115.12.0-1.mga9 firefox-si-115.12.0-1.mga9 firefox-sk-115.12.0-1.mga9 firefox-sl-115.12.0-1.mga9 firefox-sq-115.12.0-1.mga9 firefox-sr-115.12.0-1.mga9 firefox-sv_SE-115.12.0-1.mga9 firefox-szl-115.12.0-1.mga9 firefox-ta-115.12.0-1.mga9 firefox-te-115.12.0-1.mga9 firefox-tg-115.12.0-1.mga9 firefox-th-115.12.0-1.mga9 firefox-tl-115.12.0-1.mga9 firefox-tr-115.12.0-1.mga9 firefox-uk-115.12.0-1.mga9 firefox-ur-115.12.0-1.mga9 firefox-uz-115.12.0-1.mga9 firefox-vi-115.12.0-1.mga9 firefox-xh-115.12.0-1.mga9 firefox-zh_CN-115.12.0-1.mga9 firefox-zh_TW-115.12.0-1.mga9 from SRPMS: nss-3.101.0-1.mga9.src.rpm firefox-115.12.0-1.mga9.src.rpm firefox-l10n-115.12.0-1.mga9.src.rpm Whiteboard:
MGA9TOO =>
(none)
katnatek
2024-06-13 19:40:12 CEST
Keywords:
(none) =>
advisory mga9, x86_64 Updated Firefox with en_GB working fine here, bank, newspaper, MADB, xkcd, APOD, Youtube, localfiles ....... CC:
(none) =>
tarazed25 Mageia 9 Plasma, x86_64 Installed in Intel I5 and amd 4800H Works fine for me. I am using from yesterday. Banks, youtube, audio and video, settings, spanish translation ok. No issues for the moment. CC:
(none) =>
joselp mga9-64 Plasma X11 nvidia-current OK here Swedish localisation Settings kept Previously opened tabs restored Video sites svt.se, urplay.se, Youtube 3xBanking, tax office Saving file Printing CC:
(none) =>
fri MGA9-64 Plasma X11. No issues here. CC:
(none) =>
andrewsfarm MGA9-64, Plasma, Ryzen 3015i APU installed base update files and nss update. Working as expected. CC:
(none) =>
brtians1 M9 x86_64 xfce. Firefox 115.12 working fine, no issues CC:
(none) =>
tablackwell
Morgan Leijström
2024-06-16 00:34:15 CEST
Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0222.html Resolution:
(none) =>
FIXED |