+++ This bug was initially created as a clone of Bug #26711 +++

Mozilla has released Firefox 68.9.0 on June 1:
https://www.mozilla.org/en-US/firefox/68.9.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/

NSS 3.52.1 is also out:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52.1_release_notes

Update in progress. Moving it to this bug to use the old one for ESR 78.

Advisory:
========================

Updated nss and firefox packages fix security vulnerabilities:

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys (CVE-2020-12399).

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash due to a use-after-free (CVE-2020-12405).

Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash due to type confusion with NativeTypes. We presume that with enough effort that it could be exploited to run arbitrary code (CVE-2020-12406).

Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-12410).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52.1_release_notes
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/
========================

Updated packages in core/updates_testing:
========================
rootcerts-20200527.00-1.mga7
rootcerts-java-20200527.00-1.mga7
nss-3.52.1-1.mga7
nss-doc-3.52.1-1.mga7
libnss3-3.52.1-1.mga7
libnss-devel-3.52.1-1.mga7
libnss-static-devel-3.52.1-1.mga7
firefox-68.9.0-1.mga7
firefox-devel-68.9.0-1.mga7
firefox-af-68.9.0-1.mga7
firefox-an-68.9.0-1.mga7
firefox-ar-68.9.0-1.mga7
firefox-ast-68.9.0-1.mga7
firefox-az-68.9.0-1.mga7
firefox-bg-68.9.0-1.mga7
firefox-bn-68.9.0-1.mga7
firefox-br-68.9.0-1.mga7
firefox-bs-68.9.0-1.mga7
firefox-ca-68.9.0-1.mga7
firefox-cs-68.9.0-1.mga7
firefox-cy-68.9.0-1.mga7
firefox-da-68.9.0-1.mga7
firefox-de-68.9.0-1.mga7
firefox-el-68.9.0-1.mga7
firefox-en_GB-68.9.0-1.mga7
firefox-en_US-68.9.0-1.mga7
firefox-eo-68.9.0-1.mga7
firefox-es_AR-68.9.0-1.mga7
firefox-es_CL-68.9.0-1.mga7
firefox-es_ES-68.9.0-1.mga7
firefox-es_MX-68.9.0-1.mga7
firefox-et-68.9.0-1.mga7
firefox-eu-68.9.0-1.mga7
firefox-fa-68.9.0-1.mga7
firefox-ff-68.9.0-1.mga7
firefox-fi-68.9.0-1.mga7
firefox-fr-68.9.0-1.mga7
firefox-fy_NL-68.9.0-1.mga7
firefox-ga_IE-68.9.0-1.mga7
firefox-gd-68.9.0-1.mga7
firefox-gl-68.9.0-1.mga7
firefox-gu_IN-68.9.0-1.mga7
firefox-he-68.9.0-1.mga7
firefox-hi_IN-68.9.0-1.mga7
firefox-hr-68.9.0-1.mga7
firefox-hsb-68.9.0-1.mga7
firefox-hu-68.9.0-1.mga7
firefox-hy_AM-68.9.0-1.mga7
firefox-id-68.9.0-1.mga7
firefox-is-68.9.0-1.mga7
firefox-it-68.9.0-1.mga7
firefox-ja-68.9.0-1.mga7
firefox-kk-68.9.0-1.mga7
firefox-km-68.9.0-1.mga7
firefox-kn-68.9.0-1.mga7
firefox-ko-68.9.0-1.mga7
firefox-lij-68.9.0-1.mga7
firefox-lt-68.9.0-1.mga7
firefox-lv-68.9.0-1.mga7
firefox-mk-68.9.0-1.mga7
firefox-mr-68.9.0-1.mga7
firefox-ms-68.9.0-1.mga7
firefox-nb_NO-68.9.0-1.mga7
firefox-nl-68.9.0-1.mga7
firefox-nn_NO-68.9.0-1.mga7
firefox-pa_IN-68.9.0-1.mga7
firefox-pl-68.9.0-1.mga7
firefox-pt_BR-68.9.0-1.mga7
firefox-pt_PT-68.9.0-1.mga7
firefox-ro-68.9.0-1.mga7
firefox-ru-68.9.0-1.mga7
firefox-si-68.9.0-1.mga7
firefox-sk-68.9.0-1.mga7
firefox-sl-68.9.0-1.mga7
firefox-sq-68.9.0-1.mga7
firefox-sr-68.9.0-1.mga7
firefox-sv_SE-68.9.0-1.mga7
firefox-ta-68.9.0-1.mga7
firefox-te-68.9.0-1.mga7
firefox-th-68.9.0-1.mga7
firefox-tr-68.9.0-1.mga7
firefox-uk-68.9.0-1.mga7
firefox-uz-68.9.0-1.mga7
firefox-vi-68.9.0-1.mga7
firefox-xh-68.9.0-1.mga7
firefox-zh_CN-68.9.0-1.mga7
firefox-zh_TW-68.9.0-1.mga7

from SRPMS:
rootcerts-20200527.00-1.mga7.src.rpm
nss-3.52.1-1.mga7.src.rpm
firefox-68.9.0-1.mga7.src.rpm
firefox-l10n-68.9.0-1.mga7.src.rpm
OK 64 bit plasma, nvidia-proprietary, intel i7 Swedish localisation, resumes ~200 tabs (yeah..) from previous version, plays videos from svtplay.se and youtube, adobe flash test, surfing for a while...
CC: (none) => fri
i5 2500, Intel graphics, wired Internet, 64-bit Plasma system. Packages updated cleanly. Ran the browser, went here and there, tried this and that, no issues noted so far.
CC: (none) => andrewsfarm
All is nice with Dell D600 32 bits. Even Youtube plays at 240p ;-)
CC: (none) => lists.jjorge
Whiteboard: (none) => MGA7-32-OK
Hello! I installed the new version on real equipment, Mageia 7 x64 Plasma. It works OK: I have the bookmarks I had, the add-ons, the account is still synchronized, I have browsed several pages, the audio on websites such as YouTube works, everything OK. Greetings!!
CC: (none) => joselp
on mga7-64 kernel-desktop plasma

packages installed cleanly:
- firefox-68.9.0-1.mga7.x86_64
- firefox-en_GB-68.9.0-1.mga7.noarch
- firefox-en_US-68.9.0-1.mga7.noarch
- lib64nss3-3.52.1-1.mga7.x86_64
- nss-3.52.1-1.mga7.x86_64
- rootcerts-20200527.00-1.mga7.noarch
- rootcerts-java-20200527.00-1.mga7.noarch

no regressions observed

looks OK for mga7-64
CC: (none) => jim
Enough tests to suit me. Validating. Advisory in Comment 0.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA7-32-OK => MGA7-32-OK MGA7-64-OK
Depends on: (none) => 26890
This never got pushed and has been superseded.
Assignee: qa-bugs => luigiwalser
Keywords: validated_update => (none)
Whiteboard: MGA7-32-OK MGA7-64-OK => (none)
Fixed in: https://advisories.mageia.org/MGASA-2020-0274.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED