Mozilla has released Firefox 78.12.0 today (July 12): https://www.mozilla.org/en-US/firefox/78.12.0/releasenotes/ The release notes for 78.12.0 are not available yet as of this posting. NSPR 4.32 and NSS 3.68 are also out: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/M01xJ10PkAc https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.67_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.68_release_notes NSS 3.68 release notes also not available yet as of this posting, and 3.67's are only here currently: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/tq8zqPNVtK8 There is a new nssckbi.h for rootcerts available too that was missed (by upstream) in the last update. Update in progress.
Package list should be as follows. Updated packages in core/updates_testing: ======================================== libnspr4-4.32-1.mga8 libnspr-devel-4.32-1.mga8 rootcerts-20210525.00-1.1.mga8 rootcerts-java-20210525.00-1.1.mga8 nss-3.68.0-1.mga8 nss-doc-3.68.0-1.mga8 libnss3-3.68.0-1.mga8 libnss-devel-3.68.0-1.mga8 libnss-static-devel-3.68.0-1.mga8 firefox-78.12.0-1.mga8 firefox-devel-78.12.0-1.mga8 firefox-af-78.12.0-1.mga8 firefox-an-78.12.0-1.mga8 firefox-ar-78.12.0-1.mga8 firefox-ast-78.12.0-1.mga8 firefox-az-78.12.0-1.mga8 firefox-be-78.12.0-1.mga8 firefox-bg-78.12.0-1.mga8 firefox-bn-78.12.0-1.mga8 firefox-br-78.12.0-1.mga8 firefox-bs-78.12.0-1.mga8 firefox-ca-78.12.0-1.mga8 firefox-cs-78.12.0-1.mga8 firefox-cy-78.12.0-1.mga8 firefox-da-78.12.0-1.mga8 firefox-de-78.12.0-1.mga8 firefox-el-78.12.0-1.mga8 firefox-en_CA-78.12.0-1.mga8 firefox-en_GB-78.12.0-1.mga8 firefox-en_US-78.12.0-1.mga8 firefox-eo-78.12.0-1.mga8 firefox-es_AR-78.12.0-1.mga8 firefox-es_CL-78.12.0-1.mga8 firefox-es_ES-78.12.0-1.mga8 firefox-es_MX-78.12.0-1.mga8 firefox-et-78.12.0-1.mga8 firefox-eu-78.12.0-1.mga8 firefox-fa-78.12.0-1.mga8 firefox-ff-78.12.0-1.mga8 firefox-fi-78.12.0-1.mga8 firefox-fr-78.12.0-1.mga8 firefox-fy_NL-78.12.0-1.mga8 firefox-ga_IE-78.12.0-1.mga8 firefox-gd-78.12.0-1.mga8 firefox-gl-78.12.0-1.mga8 firefox-gu_IN-78.12.0-1.mga8 firefox-he-78.12.0-1.mga8 firefox-hi_IN-78.12.0-1.mga8 firefox-hr-78.12.0-1.mga8 firefox-hsb-78.12.0-1.mga8 firefox-hu-78.12.0-1.mga8 firefox-hy_AM-78.12.0-1.mga8 firefox-ia-78.12.0-1.mga8 firefox-id-78.12.0-1.mga8 firefox-is-78.12.0-1.mga8 firefox-it-78.12.0-1.mga8 firefox-ja-78.12.0-1.mga8 firefox-ka-78.12.0-1.mga8 firefox-kab-78.12.0-1.mga8 firefox-kk-78.12.0-1.mga8 firefox-km-78.12.0-1.mga8 firefox-kn-78.12.0-1.mga8 firefox-ko-78.12.0-1.mga8 firefox-lij-78.12.0-1.mga8 firefox-lt-78.12.0-1.mga8 firefox-lv-78.12.0-1.mga8 firefox-mk-78.12.0-1.mga8 firefox-mr-78.12.0-1.mga8 firefox-ms-78.12.0-1.mga8 firefox-my-78.12.0-1.mga8 firefox-nb_NO-78.12.0-1.mga8 firefox-nl-78.12.0-1.mga8 firefox-nn_NO-78.12.0-1.mga8 firefox-oc-78.12.0-1.mga8 firefox-pa_IN-78.12.0-1.mga8 firefox-pl-78.12.0-1.mga8 firefox-pt_BR-78.12.0-1.mga8 firefox-pt_PT-78.12.0-1.mga8 firefox-ro-78.12.0-1.mga8 firefox-ru-78.12.0-1.mga8 firefox-si-78.12.0-1.mga8 firefox-sk-78.12.0-1.mga8 firefox-sl-78.12.0-1.mga8 firefox-sq-78.12.0-1.mga8 firefox-sr-78.12.0-1.mga8 firefox-sv_SE-78.12.0-1.mga8 firefox-ta-78.12.0-1.mga8 firefox-te-78.12.0-1.mga8 firefox-th-78.12.0-1.mga8 firefox-tl-78.12.0-1.mga8 firefox-tr-78.12.0-1.mga8 firefox-uk-78.12.0-1.mga8 firefox-ur-78.12.0-1.mga8 firefox-uz-78.12.0-1.mga8 firefox-vi-78.12.0-1.mga8 firefox-xh-78.12.0-1.mga8 firefox-zh_CN-78.12.0-1.mga8 firefox-zh_TW-78.12.0-1.mga8 from SRPMS: nspr-4.32-1.mga8.src.rpm rootcerts-20210525.00-1.1.mga8.src.rpm nss-3.68.0-1.mga8.src.rpm firefox-78.12.0-1.mga8.src.rpm firefox-l10n-78.12.0-1.mga8.src.rpm
Packages should be available on your local mirror in the next few hours.
Assignee: bugsquad => qa-bugs
Release notes are posted. Also this is working fine for me on Mageia 8 x86_64. Advisory: ======================== Updated firefox packages fix security vulnerabilities: A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled (CVE-2021-29970). Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29976). An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash (CVE-2021-30547). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547 https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/M01xJ10PkAc https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.67_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.68_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/
Using QARepo: $ LANG=C sudo urpmi --auto-update medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Updates (distrib37)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "QA Testing (64-bit)") firefox 78.12.0 1.mga8 x86_64 firefox-fr 78.12.0 1.mga8 noarch lib64nspr4 4.32 1.mga8 x86_64 lib64nss3 3.68.0 1.mga8 x86_64 nss 3.68.0 1.mga8 x86_64 rootcerts 20210525.00 1.1.mga8 noarch rootcerts-java 20210525.00 1.1.mga8 noarch 140KB of disk space will be freed. 67MB of packages will be retrieved. Proceed with the installation of the 7 packages? (Y/n) y installing lib64nspr4-4.32-1.mga8.x86_64.rpm lib64nss3-3.68.0-1.mga8.x86_64.rpm firefox-fr-78.12.0-1.mga8.noarch.rpm rootcerts-20210525.00-1.1.mga8.noarch.rpm nss-3.68.0-1.mga8.x86_64.rpm rootcerts-java-20210525.00-1.1.mga8.noarch.rpm firefox-78.12.0-1.mga8.x86_64.rpm from //home/aurelien/qa-testing/x86_64 Preparing... ########################################################################## 1/7: lib64nspr4 ########################################################################## 2/7: nss ########################################################################## 3/7: lib64nss3 ########################################################################## 4/7: firefox-fr ########################################################################## 5/7: firefox ########################################################################## 6/7: rootcerts-java ########################################################################## 7/7: rootcerts ########################################################################## 1/7: removing firefox-fr-78.11.0-1.mga8.noarch ########################################################################## 2/7: removing rootcerts-java-1:20210525.00-1.mga8.noarch ########################################################################## 3/7: removing rootcerts-1:20210525.00-1.mga8.noarch ########################################################################## 4/7: removing firefox-0:78.11.0-1.mga8.x86_64 ########################################################################## 5/7: removing lib64nss3-2:3.66.0-1.mga8.x86_64 ########################################################################## 6/7: removing nss-2:3.66.0-1.mga8.x86_64 ########################################################################## 7/7: removing lib64nspr4-2:4.31-1.mga8.x86_64 ########################################################################## Updated OK. Testing basic browsing, SSL OK Widevine-enabled sites OK Printing OK UI in French for me OK. Giving this an OK.
CC: (none) => ouaurelien
OK here mga8 x86_64, Plasma, nvidia-current, Swedish Picks up previously opened tabs, settings... Did some banking, forums, watched videos,
CC: (none) => fri
MGA8 - 64 - GNOME - Laptop The following 11 packages are going to be installed: - firefox-78.12.0-1.mga8.x86_64 - firefox-en_CA-78.12.0-1.mga8.noarch - firefox-en_GB-78.12.0-1.mga8.noarch - firefox-en_US-78.12.0-1.mga8.noarch - glibc-2.32-17.mga8.x86_64 - glibc-devel-2.32-17.mga8.x86_64 - lib64nspr4-4.32-1.mga8.x86_64 - lib64nss3-3.68.0-1.mga8.x86_64 - nss-3.68.0-1.mga8.x86_64 - rootcerts-20210525.00-1.1.mga8.noarch - rootcerts-java-20210525.00-1.1.mga8.noarch rebooted browser working as expected.
CC: (none) => brtians1
Blocks: (none) => 29258
RedHat has issued an advisory for this today (July 15): https://access.redhat.com/errata/RHSA-2021:2741
Mageia 8 X64 urpmi --media "Core Updates testing" firefox Pour satisfaire les dépendances, les paquetages suivants vont être installés : Paquetage Version Révision Arch (média « Core Updates Testing ») firefox 78.12.0 1.mga8 x86_64 firefox-fr 78.12.0 1.mga8 noarch un espace de 188Ko sera libéré. 57Mo de paquets seront récupérés. Procéder à l'installation des 2 paquetages ? (O/n) O $MIRRORLIST: media/core/updates_testing/firefox-fr-78.12.0-1.mga8.noarch.rpm $MIRRORLIST: media/core/updates_testing/firefox-78.12.0-1.mga8.x86_64.rpm installation de firefox-fr-78.12.0-1.mga8.noarch.rpm firefox-78.12.0-1.mga8.x86_64.rpm depuis /var/cache/urpmi/rpms Préparation... ############################################# 1/2: firefox ############################################# 2/2: firefox-fr ############################################# 1/2: désinstallation de firefox-fr-78.11.0-1.mga8.noarch ############################################# 2/2: désinstallation de firefox-0:78.11.0-1.mga8.x86_64 ############################################# rpm -q firefox firefox-78.12.0-1.mga8 Signets are stil there :) Tested with youtube, Twitch and others sites without problems
CC: (none) => hdetavernier
Tested mga8-64 General browsing, video, jetstream all OK
CC: (none) => wrw105Whiteboard: (none) => mga8-64-ok
Tested in MGA8 64-bit. Languages are German and Brazilian Portuguese. No regression found.
CC: (none) => bequimao.de
It works OK under a MGA8-32 Plasma VM. Validating. Advisory committed to SVN.
Keywords: (none) => advisory, validated_updateWhiteboard: mga8-64-ok => MGA8-64-OK MGA8-32-OKCVE: (none) => CVE-2021-29970, CVE-2021-29976, CVE-2021-30547CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0354.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
NSS 3.68's release notes are finally available here: https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_68.html