Bug 29373 - Firefox 91.1
Summary: Firefox 91.1
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK MGA8-32-OK
Keywords: validated_update
Depends on:
Blocks: 29378
  Show dependency treegraph
 
Reported: 2021-08-15 20:31 CEST by David Walser
Modified: 2021-09-14 11:41 CEST (History)
9 users (show)

See Also:
Source RPM: firefox
CVE:
Status comment:


Attachments

Description David Walser 2021-08-15 20:31:13 CEST
Mozilla has released Firefox 91.0 on August 10:
https://www.mozilla.org/en-US/firefox/91.0esr/releasenotes/
https://support.mozilla.org/kb/firefox-enterprise-91-release-notes

*** NOTE: this is for internal testing only.  Do not validate this. ***

Updated packages in core/updates_testing:
========================================
firefox-91.0-1.mga8
firefox-ru-91.0-1.mga8
firefox-uk-91.0-1.mga8
firefox-be-91.0-1.mga8
firefox-el-91.0-1.mga8
firefox-kk-91.0-1.mga8
firefox-th-91.0-1.mga8
firefox-pa_IN-91.0-1.mga8
firefox-ka-91.0-1.mga8
firefox-ja-91.0-1.mga8
firefox-bg-91.0-1.mga8
firefox-sr-91.0-1.mga8
firefox-hy_AM-91.0-1.mga8
firefox-ko-91.0-1.mga8
firefox-zh_TW-91.0-1.mga8
firefox-vi-91.0-1.mga8
firefox-zh_CN-91.0-1.mga8
firefox-hu-91.0-1.mga8
firefox-bn-91.0-1.mga8
firefox-hi_IN-91.0-1.mga8
firefox-ar-91.0-1.mga8
firefox-sk-91.0-1.mga8
firefox-cs-91.0-1.mga8
firefox-ur-91.0-1.mga8
firefox-hsb-91.0-1.mga8
firefox-lt-91.0-1.mga8
firefox-te-91.0-1.mga8
firefox-fr-91.0-1.mga8
firefox-he-91.0-1.mga8
firefox-pl-91.0-1.mga8
firefox-sq-91.0-1.mga8
firefox-fa-91.0-1.mga8
firefox-de-91.0-1.mga8
firefox-oc-91.0-1.mga8
firefox-tr-91.0-1.mga8
firefox-kab-91.0-1.mga8
firefox-es_MX-91.0-1.mga8
firefox-es_AR-91.0-1.mga8
firefox-es_CL-91.0-1.mga8
firefox-pt_PT-91.0-1.mga8
firefox-fy_NL-91.0-1.mga8
firefox-pt_BR-91.0-1.mga8
firefox-gl-91.0-1.mga8
firefox-cy-91.0-1.mga8
firefox-sv_SE-91.0-1.mga8
firefox-gd-91.0-1.mga8
firefox-km-91.0-1.mga8
firefox-ro-91.0-1.mga8
firefox-mr-91.0-1.mga8
firefox-gu_IN-91.0-1.mga8
firefox-hr-91.0-1.mga8
firefox-sl-91.0-1.mga8
firefox-nl-91.0-1.mga8
firefox-es_ES-91.0-1.mga8
firefox-eo-91.0-1.mga8
firefox-ca-91.0-1.mga8
firefox-da-91.0-1.mga8
firefox-fi-91.0-1.mga8
firefox-eu-91.0-1.mga8
firefox-ia-91.0-1.mga8
firefox-nn_NO-91.0-1.mga8
firefox-nb_NO-91.0-1.mga8
firefox-br-91.0-1.mga8
firefox-id-91.0-1.mga8
firefox-tl-91.0-1.mga8
firefox-my-91.0-1.mga8
firefox-ta-91.0-1.mga8
firefox-en_GB-91.0-1.mga8
firefox-szl-91.0-1.mga8
firefox-en_CA-91.0-1.mga8
firefox-an-91.0-1.mga8
firefox-ast-91.0-1.mga8
firefox-kn-91.0-1.mga8
firefox-az-91.0-1.mga8
firefox-si-91.0-1.mga8
firefox-en_US-91.0-1.mga8
firefox-et-91.0-1.mga8
firefox-ff-91.0-1.mga8
firefox-lij-91.0-1.mga8
firefox-uz-91.0-1.mga8
firefox-is-91.0-1.mga8
firefox-mk-91.0-1.mga8
firefox-lv-91.0-1.mga8
firefox-bs-91.0-1.mga8
firefox-ga_IE-91.0-1.mga8
firefox-it-91.0-1.mga8
firefox-ms-91.0-1.mga8
firefox-xh-91.0-1.mga8
firefox-af-91.0-1.mga8

from SRPMS:
firefox-91.0-1.mga8.src.rpm
firefox-l10n-91.0-1.mga8.src.rpm
Comment 1 Len Lawrence 2021-08-16 01:32:46 CEST
mga8, x64, nvidia

Installed the new version while firefox was running.  Could not close firefox so had to resort to killall.  Selected a theme from the list presented.  Current bookmarks displayed in the bookmarks sidebar and previous tabs restored.
Searched the web with DuckDuckGo.  Played video at Youtube.  This offered PIP mode, picture in picture which appeared to work when selected but went away when I did other things in firefox.  Preview mode in this comment worked.

Accessed CUPS page:
$ firefox localhost:631
Raised a tab on the NASA Curosity site from the cli.
Tried to login to phpMyAdmin but could not find the password but at least the prompts come up.
Webmail works for gmail.  downloads bookmark allowed local file browsing just like a regular file manager.

So far so good.

CC: (none) => tarazed25

Comment 2 Len Lawrence 2021-08-16 01:44:27 CEST
Addendum to comment 1.
Assigned a new password to root and logged in to phpMyAdmin OK and loaded an existing table.
Comment 3 Herman Viaene 2021-08-16 09:54:27 CEST
MGA8-64 Plasma on Lenovo B50
N installation issues.
Tested on usual newspapersite with text, imahes, sound, video: all OK
Followed Len's lead and tried phpMyAdmin, could connect and display an existing table.

CC: (none) => herman.viaene

Comment 4 Jose Manuel López 2021-08-16 10:41:04 CEST
MGA8-64 Plasma on Virtualbox.

Updated frome Firefox 78.13. The buttons for maximize, minimize and close, don't see well. After reboot this issue have fixed.

The language spanish (firefox es-es package) don't have applicated and Firefox show in english. I delete the .mozilla folder, for create a new firefox configuration, but the language issue persist still.

The Mageia installation on Virtualbox is new, with plasma without additional configuration.

Greetings!!

CC: (none) => joselp

Comment 5 Dave Hodgins 2021-08-16 17:27:22 CEST
(In reply to Jose Manuel López from comment #4)
> MGA8-64 Plasma on Virtualbox.
> 
> Updated frome Firefox 78.13. The buttons for maximize, minimize and close,
> don't see well. After reboot this issue have fixed.
> 
> The language spanish (firefox es-es package) don't have applicated and
> Firefox show in english. I delete the .mozilla folder, for create a new
> firefox configuration, but the language issue persist still.

It's not unusual when installing from updates testing, that the main firefox
package appears on the mirror before the language packages. Installing during
this time will result in firefox switching back to it's built in English.

If you use a language other then American English, make sure the language
package is available before installing both it and the main firefox package.

Note that this is similar to cauldron, but does not occur for people using
the normal updates repositories.

CC: (none) => davidwhodgins

Comment 6 Jose Manuel López 2021-08-17 08:46:40 CEST
The language package firefox-es_ES-91.0-1.mga8 is here, but Firefox 91 show in english.
Comment 7 David Walser 2021-08-17 16:52:19 CEST
Mozilla has released Firefox 91.0.1 today (August 17):
https://www.mozilla.org/en-US/firefox/91.0.1esr/releasenotes/

I'll work on updating it later.
Comment 8 David Walser 2021-08-17 20:43:02 CEST
Update pushed to the build system, should be available by the end of the day.
Comment 9 Jose Manuel López 2021-08-18 08:30:58 CEST
After the last update, Firefox show in english still, although I have installed the spanish language.

I tried to reinstall Firefox and the issue persist.

Greetings!
Comment 10 Thomas Andrews 2021-08-18 14:05:41 CEST
Is it possible that the language setting has been changed in a way that the old setting is no longer recognized? "Improvements" like that have happened before.

Jose, have you tried to re-set the language preference manually?

CC: (none) => andrewsfarm

Comment 11 Jose Manuel López 2021-08-18 17:13:16 CEST
If I add manually the spanish language in Firefox settings, Firefox now show all in spanish.

But I think that the build no works fine, because I am working in a Virtualbox with a clean installation of Mageia and Firefox.

Greetings!
Comment 12 David Walser 2021-08-18 17:16:38 CEST
Thierry, do you have any thoughts on it not recognizing/using the language pack?

CC: (none) => thierry.vignaud

Comment 13 Thomas Andrews 2021-08-18 18:27:01 CEST
Another question comes to mind: Does this language recognition problem happen when updating other versions of the ESR, or just ours? And if just ours, what's different about us?
Comment 14 David Walser 2021-08-18 18:28:27 CEST
There's really nothing to compare it to.  firefox-l10n installs the xpi file for the language pack in a system-wide directory.  Installing it through Firefox yourself just installs it in your profile, which is what you would have to do if you're not using our rpms.
Comment 15 David Walser 2021-08-18 18:36:19 CEST
OK I think I see the issue.  The {}'s are missing from the extension directory name; I guess they need to be escaped in the SPEC file.  Rebuilding now.  Try with firefox-l10n-91.0.1-1.1.mga8.
Comment 16 Thomas Andrews 2021-08-19 03:39:39 CEST
Booted into a test MGA8 Plasma install that was using Firefox 78.13. Used MCC to add packages for Spanish, then switched Firefox 78.13 to using Spanish in the interface. Was able to recall enough of my high school Spanish, coupled with memory of what does what in English to do some basic navigation.

Used the package list from Comment 0 in qarepo with the "fuzzy version" option to download the packages for test, then used MCC to update. No installation issues. Ran Firefox again, and it came up using Spanish. My settings regarding toolbars and display theme were untouched, and at first glance my font settings look good, too. Adblocker Ultimate extension seems to be functional, as do the few others I have, and their interfaces are in Spanish.

Looks like we've got it...
Comment 17 Thomas Andrews 2021-08-19 03:41:32 CEST
Also was able to return to US English without difficulty.
Comment 18 Jose Manuel López 2021-08-19 12:19:12 CEST
Ok, from the last update, now Firefox shows in spanish correctly.

Now, I have tried to start again with the update frome Firefox 78.13. I uninstall firefox and clean all packages. After, I install Firefox 78.13 from stable repositories. I have activated the testing repositories frome MCC and urpmi --auto-update from konsole. I install the new update of Firefox ESR 91. 

Firefox ESR show fine in spanish language, it has saved all settings from the previous version, and work fine. 

I think that this is fixed.

Greetings!!
Comment 19 Guillaume Royer 2021-08-19 20:46:36 CEST
Tested with MGA8 XFCE with QA repo from:

firefox-91.0.1-1.mga8.x86_64.rpm
firefox-fr-91.0.1-1.mga8.noarch.rpm

no problems found after installation, bank, Matrix Element and streaming are ok.
I don't use some specially extensions

CC: (none) => guillaume.royer

Comment 20 Morgan Leijström 2021-08-23 21:12:04 CEST
all seem OK on my workstation 64 bit Plasma, Swedish, banking, video with sound, various forums...

CC: (none) => fri

Comment 21 Morgan Leijström 2021-08-24 18:45:33 CEST
/ Weird minor issue with printing: when using Firefox default printing dialogue, printing through boomaga generates too light prints.  Default dialogue and printing directly to my LBP7750cdn laserjet works correctly, and also when i in firefox select to use system printing dialogue, printing with boomaga works too.  May be some dialect issue with Boomaga and new firefox.  No update for long upstreams. Anyway not a bocking issue and very probably not a packaging issue anyway. /
Comment 22 David Walser 2021-09-07 19:00:28 CEST
Mozilla has released Firefox 91.1.0 today (September 7):
https://www.mozilla.org/en-US/firefox/91.1.0/releasenotes/

NSS 3.70 has been released on August 5, and fixes a performance regression from 3.69 which is mentioned in the 3.69.1 release notes:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_70.html

The actual security issue(s) fixed between this and 78.13.0 is only CVE-2021-38493, listed here:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/

So the references for this update will be:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38493
https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_70.html
https://support.mozilla.org/kb/firefox-enterprise-91-release-notes
https://www.mozilla.org/en-US/firefox/91.0esr/releasenotes/
https://www.mozilla.org/en-US/firefox/91.0.1esr/releasenotes/

Update in progress.

Component: RPM Packages => Security
Summary: Firefox 91.0 => Firefox 91.1
QA Contact: (none) => security

David Walser 2021-09-07 19:00:50 CEST

Blocks: (none) => 29378

Comment 23 David Walser 2021-09-07 21:00:35 CEST
Build error:
13:03.51 In file included from /home/iurt/rpmbuild/BUILD/firefox-91.1.0/modules/fdlibm/src/e_acos.cpp:44:
13:03.51 /home/iurt/rpmbuild/BUILD/firefox-91.1.0/modules/fdlibm/src/math_private.h:34:21: error: conflicting declaration 'typedef __double_t double_t'
13:03.51    34 | typedef __double_t  double_t;
13:03.51       |                     ^~~~~~~~
13:03.51 In file included from /usr/include/c++/11/cmath:45,
13:03.51                  from /home/iurt/rpmbuild/BUILD/firefox-91.1.0/objdir/dist/system_wrappers/cmath:3,
13:03.51                  from /home/iurt/rpmbuild/BUILD/firefox-91.1.0/objdir/dist/stl_wrappers/cmath:60,
13:03.51                  from /home/iurt/rpmbuild/BUILD/firefox-91.1.0/modules/fdlibm/src/e_acos.cpp:41:
13:03.51 /usr/include/math.h:156:21: note: previous declaration as 'typedef long double double_t'
13:03.51   156 | typedef long double double_t;
13:03.51       |                     ^~~~~~~~
13:03.65 gmake[4]: *** [/home/iurt/rpmbuild/BUILD/firefox-91.1.0/config/rules.mk:676: e_acos.o] Error 1
13:03.65 gmake[3]: *** [/home/iurt/rpmbuild/BUILD/firefox-91.1.0/config/recurse.mk:72: modules/fdlibm/src/target-objects] Error 2

http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20210907181458.luigiwalser.duvel.14002/log/firefox-91.1.0-1.mga9/build.i586.0.20210907181506.log

Severity: normal => critical
Assignee: qa-bugs => pkg-bugs

Comment 24 David Walser 2021-09-08 22:12:41 CEST
Build fixed by Nicolas Salguero.

Advisory:
========================

Updated firefox packages fix security vulnerability:

Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs
present in Firefox ESR 78.13. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code (CVE-2021-38493).

The firefox package has been updated to the 91ESR branch.  See the upstream
release notes for details.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38493
https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_70.html
https://support.mozilla.org/kb/firefox-enterprise-91-release-notes
https://www.mozilla.org/en-US/firefox/91.0esr/releasenotes/
https://www.mozilla.org/en-US/firefox/91.0.1esr/releasenotes/
========================

Updated packages in core/updates_testing:
========================
nss-3.70.0-1.mga8
nss-doc-3.70.0-1.mga8
libnss3-3.70.0-1.mga8
libnss-devel-3.70.0-1.mga8
libnss-static-devel-3.70.0-1.mga8
firefox-91.1.0-1.mga8
firefox-ru-91.1.0-1.mga8
firefox-uk-91.1.0-1.mga8
firefox-be-91.1.0-1.mga8
firefox-el-91.1.0-1.mga8
firefox-kk-91.1.0-1.mga8
firefox-th-91.1.0-1.mga8
firefox-pa_IN-91.1.0-1.mga8
firefox-ka-91.1.0-1.mga8
firefox-ja-91.1.0-1.mga8
firefox-bg-91.1.0-1.mga8
firefox-sr-91.1.0-1.mga8
firefox-hy_AM-91.1.0-1.mga8
firefox-ko-91.1.0-1.mga8
firefox-zh_TW-91.1.0-1.mga8
firefox-vi-91.1.0-1.mga8
firefox-zh_CN-91.1.0-1.mga8
firefox-hu-91.1.0-1.mga8
firefox-bn-91.1.0-1.mga8
firefox-hi_IN-91.1.0-1.mga8
firefox-ar-91.1.0-1.mga8
firefox-sk-91.1.0-1.mga8
firefox-cs-91.1.0-1.mga8
firefox-ur-91.1.0-1.mga8
firefox-hsb-91.1.0-1.mga8
firefox-lt-91.1.0-1.mga8
firefox-te-91.1.0-1.mga8
firefox-fr-91.1.0-1.mga8
firefox-he-91.1.0-1.mga8
firefox-pl-91.1.0-1.mga8
firefox-sq-91.1.0-1.mga8
firefox-fa-91.1.0-1.mga8
firefox-de-91.1.0-1.mga8
firefox-oc-91.1.0-1.mga8
firefox-tr-91.1.0-1.mga8
firefox-kab-91.1.0-1.mga8
firefox-es_MX-91.1.0-1.mga8
firefox-es_AR-91.1.0-1.mga8
firefox-es_CL-91.1.0-1.mga8
firefox-pt_PT-91.1.0-1.mga8
firefox-fy_NL-91.1.0-1.mga8
firefox-pt_BR-91.1.0-1.mga8
firefox-gl-91.1.0-1.mga8
firefox-cy-91.1.0-1.mga8
firefox-sv_SE-91.1.0-1.mga8
firefox-gd-91.1.0-1.mga8
firefox-km-91.1.0-1.mga8
firefox-ro-91.1.0-1.mga8
firefox-mr-91.1.0-1.mga8
firefox-gu_IN-91.1.0-1.mga8
firefox-hr-91.1.0-1.mga8
firefox-sl-91.1.0-1.mga8
firefox-nl-91.1.0-1.mga8
firefox-es_ES-91.1.0-1.mga8
firefox-eo-91.1.0-1.mga8
firefox-ca-91.1.0-1.mga8
firefox-da-91.1.0-1.mga8
firefox-fi-91.1.0-1.mga8
firefox-eu-91.1.0-1.mga8
firefox-ia-91.1.0-1.mga8
firefox-nn_NO-91.1.0-1.mga8
firefox-nb_NO-91.1.0-1.mga8
firefox-br-91.1.0-1.mga8
firefox-id-91.1.0-1.mga8
firefox-tl-91.1.0-1.mga8
firefox-my-91.1.0-1.mga8
firefox-ta-91.1.0-1.mga8
firefox-en_GB-91.1.0-1.mga8
firefox-szl-91.1.0-1.mga8
firefox-en_CA-91.1.0-1.mga8
firefox-an-91.1.0-1.mga8
firefox-ast-91.1.0-1.mga8
firefox-kn-91.1.0-1.mga8
firefox-az-91.1.0-1.mga8
firefox-si-91.1.0-1.mga8
firefox-en_US-91.1.0-1.mga8
firefox-et-91.1.0-1.mga8
firefox-ff-91.1.0-1.mga8
firefox-lij-91.1.0-1.mga8
firefox-uz-91.1.0-1.mga8
firefox-is-91.1.0-1.mga8
firefox-mk-91.1.0-1.mga8
firefox-lv-91.1.0-1.mga8
firefox-bs-91.1.0-1.mga8
firefox-ga_IE-91.1.0-1.mga8
firefox-it-91.1.0-1.mga8
firefox-ms-91.1.0-1.mga8
firefox-xh-91.1.0-1.mga8
firefox-af-91.1.0-1.mga8

from SRPMS:
nss-3.70.0-1.mga8.src.rpm
firefox-91.1.0-1.mga8.src.rpm
firefox-l10n-91.1.0-1.mga8.src.rpm

Assignee: pkg-bugs => qa-bugs

Comment 25 Morgan Leijström 2021-09-09 02:47:26 CEST
OK here on 64bit, plasma, nvidia;
video sites, banking...
Settings kept, localisation, reopening old tabs...

lib64nss3-2:3.70.0-1.mga8.x86_64
firefox-0:91.1.0-1.mga8.x86_64
install firefox-sv_SE-91.1.0-1.mga8.noarch
Comment 26 Thomas Andrews 2021-09-09 03:43:16 CEST
64-bit US-English version, updating from version 78.13. No installation or profile issues. My bank wouldn't run 78.13 unless I spoofed a later user agent, but it is OK with this one. Facebook good, same with my newspaper site.

Looks good here.
Comment 27 Jose Manuel López 2021-09-09 08:30:34 CEST
Hi all, here works fine in Mga x64, updating from version 78.13. No issues, language ok. All webs that I have opened ok, addons, themes and configurations have been kept after update.
Comment 28 Guillaume Royer 2021-09-10 16:33:37 CEST
MGA 64 with XFCE optimus technology

Updated with QA repo and RPM:

nss-3.70.0-1.mga8
nss-doc-3.70.0-1.mga8
libnss3-3.70.0-1.mga8
libnss-devel-3.70.0-1.mga8
libnss-static-devel-3.70.0-1.mga8
firefox-91.1.0-1.mga8
firefox-fr-91.1.0-1.mga8

No issues after update.
Sites: 

Bank -> Ok
Element (Matrix server) -> Ok
Streaming youtube -> Ok
Disney + -> OK
Netflix -> Ok
Comment 29 Thomas Andrews 2021-09-11 03:10:08 CEST
Tried the 32-bit English version on real 32-bit hardware, with no problems noted. Things were slow, but that has been typical of this hardware with today's Internet.

Sending it on its way. Validating. Advisory in Comment 24.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK MGA8-32-OK
Keywords: (none) => validated_update

Comment 30 David Walser 2021-09-13 18:02:58 CEST
RedHat has issued an advisory for this today (September 13):
https://access.redhat.com/errata/RHSA-2021:3498
Comment 31 Jose Manuel López 2021-09-14 09:12:53 CEST
Hi all, I find a bug in Firefox. I can't open Caixabank web after login. The web crash and I can't advance.

For mor information see: https://bugzilla.mozilla.org/show_bug.cgi?id=1730645

This is not a Mageia build issue, but I wanted to report it here, because the solution provided by Mozilla in the Mageia compilation will have to be applied.

Greetings!
Comment 32 Jose Manuel López 2021-09-14 10:18:53 CEST
Hi, I have checked that this issue appears in others browser as chromium-browser of mageia, and Brave-browser in the last version.

So I think that this can be a problem of the Caixabank web implementation.

Greetings!
Comment 33 Jose Manuel López 2021-09-14 11:41:25 CEST
Hi, I find the solution.

It seems that Caixabank has changed its signature mode to the mobile application and needed confirmation from the mobile application to be able to enter the web.

I close the bug.

Greetings!

Note You need to log in before you can comment on or make changes to this bug.