Mozilla has released Firefox 78.6.1 today (January 6):
https://www.mozilla.org/en-US/firefox/78.6.1/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/

NSS 3.60.1 is also out (release notes not available yet):
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.60.1_release_notes

Update in progress (waiting on Cauldron pushes).

Package list will be as follows.

nss-3.60.1-1.mga7
nss-doc-3.60.1-1.mga7
libnss3-3.60.1-1.mga7
libnss-devel-3.60.1-1.mga7
libnss-static-devel-3.60.1-1.mga7
firefox-78.6.1-1.mga7
firefox-devel-78.6.1-1.mga7
firefox-af-78.6.1-1.mga7
firefox-an-78.6.1-1.mga7
firefox-ar-78.6.1-1.mga7
firefox-ast-78.6.1-1.mga7
firefox-az-78.6.1-1.mga7
firefox-be-78.6.1-1.mga7
firefox-bg-78.6.1-1.mga7
firefox-bn-78.6.1-1.mga7
firefox-br-78.6.1-1.mga7
firefox-bs-78.6.1-1.mga7
firefox-ca-78.6.1-1.mga7
firefox-cs-78.6.1-1.mga7
firefox-cy-78.6.1-1.mga7
firefox-da-78.6.1-1.mga7
firefox-de-78.6.1-1.mga7
firefox-el-78.6.1-1.mga7
firefox-en_CA-78.6.1-1.mga7
firefox-en_GB-78.6.1-1.mga7
firefox-en_US-78.6.1-1.mga7
firefox-eo-78.6.1-1.mga7
firefox-es_AR-78.6.1-1.mga7
firefox-es_CL-78.6.1-1.mga7
firefox-es_ES-78.6.1-1.mga7
firefox-es_MX-78.6.1-1.mga7
firefox-et-78.6.1-1.mga7
firefox-eu-78.6.1-1.mga7
firefox-fa-78.6.1-1.mga7
firefox-ff-78.6.1-1.mga7
firefox-fi-78.6.1-1.mga7
firefox-fr-78.6.1-1.mga7
firefox-fy_NL-78.6.1-1.mga7
firefox-ga_IE-78.6.1-1.mga7
firefox-gd-78.6.1-1.mga7
firefox-gl-78.6.1-1.mga7
firefox-gu_IN-78.6.1-1.mga7
firefox-he-78.6.1-1.mga7
firefox-hi_IN-78.6.1-1.mga7
firefox-hr-78.6.1-1.mga7
firefox-hsb-78.6.1-1.mga7
firefox-hu-78.6.1-1.mga7
firefox-hy_AM-78.6.1-1.mga7
firefox-ia-78.6.1-1.mga7
firefox-id-78.6.1-1.mga7
firefox-is-78.6.1-1.mga7
firefox-it-78.6.1-1.mga7
firefox-ja-78.6.1-1.mga7
firefox-ka-78.6.1-1.mga7
firefox-kab-78.6.1-1.mga7
firefox-kk-78.6.1-1.mga7
firefox-km-78.6.1-1.mga7
firefox-kn-78.6.1-1.mga7
firefox-ko-78.6.1-1.mga7
firefox-lij-78.6.1-1.mga7
firefox-lt-78.6.1-1.mga7
firefox-lv-78.6.1-1.mga7
firefox-mk-78.6.1-1.mga7
firefox-mr-78.6.1-1.mga7
firefox-ms-78.6.1-1.mga7
firefox-my-78.6.1-1.mga7
firefox-nb_NO-78.6.1-1.mga7
firefox-nl-78.6.1-1.mga7
firefox-nn_NO-78.6.1-1.mga7
firefox-oc-78.6.1-1.mga7
firefox-pa_IN-78.6.1-1.mga7
firefox-pl-78.6.1-1.mga7
firefox-pt_BR-78.6.1-1.mga7
firefox-pt_PT-78.6.1-1.mga7
firefox-ro-78.6.1-1.mga7
firefox-ru-78.6.1-1.mga7
firefox-si-78.6.1-1.mga7
firefox-sk-78.6.1-1.mga7
firefox-sl-78.6.1-1.mga7
firefox-sq-78.6.1-1.mga7
firefox-sr-78.6.1-1.mga7
firefox-sv_SE-78.6.1-1.mga7
firefox-ta-78.6.1-1.mga7
firefox-te-78.6.1-1.mga7
firefox-th-78.6.1-1.mga7
firefox-tl-78.6.1-1.mga7
firefox-tr-78.6.1-1.mga7
firefox-uk-78.6.1-1.mga7
firefox-ur-78.6.1-1.mga7
firefox-uz-78.6.1-1.mga7
firefox-vi-78.6.1-1.mga7
firefox-xh-78.6.1-1.mga7
firefox-zh_CN-78.6.1-1.mga7
firefox-zh_TW-78.6.1-1.mga7

from SRPMS:
nss-3.60.1-1.mga7.src.rpm
firefox-78.6.1-1.mga7.src.rpm
firefox-l10n-78.6.1-1.mga7.src.rpm
Advisory will be as follows.

Advisory:
========================

Updated firefox packages fix security vulnerability:

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code (CVE-2020-16044).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16044
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.60.1_release_notes
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
Advisory in Comment 1. Package list in Comment 0.
Assignee: bugsquad => qa-bugs
Tested mga7-64.
General browsing, video, Jetstream all OK.
Whiteboard: (none) => mga7-64-ok
CC: (none) => wrw105
Tested MGA7-32 as above, apart from Jetstream, due to rootcerts issue. All OK.
Whiteboard: mga7-64-ok => mga7-64-ok mga7-32-ok
Firefox use is so widespread that I thought a few more tests on differing hardware, arches, and DEs would be in order before validating. To that end, I have checked this on 2 64-bit Plasma systems, one with Intel graphics and a wired Internet connection, and another with AMD processor and graphics, with Atheros-based wifi. I also checked on a 32-bit Xfce system with Intel processor, graphics, and wifi. All tests were OK. No issues noted. That should be enough. Validating. Advisory in Comment 1, package list in Comment 0.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Advisory pushed to SVN.
CC: (none) => ouaurelien
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0012.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
RedHat has issued an advisory for this today (January 11): https://access.redhat.com/errata/RHSA-2021:0052