Mozilla has released Firefox 78.9.0 on March 23: https://www.mozilla.org/en-US/firefox/78.9.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/ Mageia 7 and 8 also affected.
Source RPM: (none) => firefox, firefox-l10nWhiteboard: (none) => MGA8TOO, MGA7TOO
NSS 3.63 is also out: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.63_release_notes
Source RPM: firefox, firefox-l10n => firefox, firefox-l10n, nss
Blocks: (none) => 28642
Summary: Firefox 78.9 => Firefox 78.9 and NSS 3.63
There is also a new release of NSPR (4.30) which is required by NSS 3.63: https://groups.google.com/g/mozilla.dev.tech.nspr/c/wwXfLFWZRlA
Source RPM: firefox, firefox-l10n, nss => firefox, firefox-l10n, nss, nsprSummary: Firefox 78.9 and NSS 3.63 => Firefox 78.9 NSPR 4.30 and NSS 3.63
Summary: Firefox 78.9 NSPR 4.30 and NSS 3.63 => Firefox 78.9, NSPR 4.30 and NSS 3.63
There is also rootcerts 20210308.
Source RPM: firefox, firefox-l10n, nss, nspr => firefox, firefox-l10n, nss, nspr, rootcerts
Oops, finally rootcerts appears to be the same as current version.
Source RPM: firefox, firefox-l10n, nss, nspr, rootcerts => firefox, firefox-l10n, nss, nspr
Assigning it to you, Nicolas, as you are already very involved!
Assignee: bugsquad => nicolas.salguero
pushed in cauldron mga7/8 by Nicolas: src: - mageia 7: - nss-3.63.0-1.mga7 - nspr-4.30-1.mga7 - firefox-78.9.0-1.mga7 - firefox-l10n-78.9.0-1.mga7 - mageia 8: - nss-3.63.0-1.mga8 - nspr-4.30-1.mga8 - firefox-78.9.0-1.mga8 - firefox-l10n-78.9.0-1.mga8
Version: Cauldron => 8Assignee: nicolas.salguero => qa-bugsCC: (none) => mageiaWhiteboard: MGA8TOO, MGA7TOO => MGA7TOO
mga7-64 Plasma Nvidia-current quick test OK Picking up settings and previous open tabs Swedish locale Video playing on various sites Banking logins and other Viewing and printing pdf
CC: (none) => fri
MGA8-64 Gnome nvidia (390) - phys hardware. The following 6 packages are going to be installed: - firefox-78.9.0-1.mga8.x86_64 - firefox-en_GB-78.9.0-1.mga8.noarch - firefox-en_US-78.9.0-1.mga8.noarch - lib64nspr4-4.30-1.mga8.x86_64 - lib64nss3-3.63.0-1.mga8.x86_64 - nss-3.63.0-1.mga8.x86_64 Used it for videos, etc. Working
CC: (none) => brtians1
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Texture upload into an unbound backing buffer resulted in an out-of-bound read. (CVE-2021-23981) Angle graphics library out of date. (MOZ-2021-0002) Internal network hosts could have been probed by a malicious webpage. (CVE-2021-23982) Malicious extensions could have spoofed popup information. (CVE-2021-23984) Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9. (CVE-2021-23987) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987 https://www.mozilla.org/en-US/firefox/78.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/ https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.63_release_notes https://groups.google.com/g/mozilla.dev.tech.nspr/c/wwXfLFWZRlA
Status: NEW => ASSIGNED
T have been using this for a few hours now on mga8-64 Plasma. No issues noted.
CC: (none) => andrewsfarm
MGA8 XFCE with core I3 4 Go RAM Nvidia driver 390 Update with QA repo and with: firefox-78.9.0-1.mga8 firefox-fr-78.9.0-1.mga8 Installation OK, Bank sit, Netflix, Mastodon ok Element Matrix NOK, Can't connect to server, it was the same problem on older versions
CC: (none) => guillaume.royer
MGA7 GNOME with core I3 4 Go RAM Nvidia driver 390 Update with QA repo and with: nss-3.63.0-1.mga7 firefox-78.9.0-1.mga7 firefox-fr-78.9.0-1.mga7 lib64nspr4-4.30-1.mga7 Installation OK, Bank sit, Netflix, Mastodon ok Element Matrix NOK, Can't connect to server, it was the same problem on older versions
Tested mga8-64 Jetstream, general browsing, video (Youtube), all OK.
CC: (none) => wrw105Whiteboard: MGA7TOO => MGA7TOO mga8-64-ok
MG8-64, Plasma Tested, seems to be working as expected.
tested mga8-32 in virtualbox guest tested as above, all OK.
Whiteboard: MGA7TOO mga8-64-ok => MGA7TOO mga8-64-ok mga8-32-ok
Tested mga7-32 in virtualbox, as above, all ok.
Whiteboard: MGA7TOO mga8-64-ok mga8-32-ok => MGA7TOO mga8-64-ok mga8-32-ok mga7-32-ok
Validating.
CC: (none) => ouaurelien, sysadmin-bugsKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0163.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this on March 25: https://access.redhat.com/errata/RHSA-2021:0990
I was notified by Christian Fischer that the MOZ vulnerabilities have CVEs. SVN advisory updated. Mageia Advisory: https://advisories.mageia.org/MGASA-2021-0163.html Mozilla Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/ Suggested change(s): MOZ-2021-0002 -> CVE-2021-4127