Mozilla has released Firefox 91.2.0 today (October 4): https://www.mozilla.org/en-US/firefox/91.2.0/releasenotes/ The release notes for 91.2.0 are not available yet as of this posting. NSS 3.71 is also out, along with a corresponding rootcerts update: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/eLTKcnMNzPg https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_71.html Update in progress. Package list should be as follows. Updated packages in core/updates_testing: ======================================== rootcerts-20210907.00-1.mga8 rootcerts-java-20210907.00-1.mga8 nss-3.71.0-1.mga8 nss-doc-3.71.0-1.mga8 libnss3-3.71.0-1.mga8 libnss-devel-3.71.0-1.mga8 libnss-static-devel-3.71.0-1.mga8 firefox-91.2.0-1.mga8 firefox-ru-91.2.0-1.mga8 firefox-uk-91.2.0-1.mga8 firefox-be-91.2.0-1.mga8 firefox-el-91.2.0-1.mga8 firefox-kk-91.2.0-1.mga8 firefox-th-91.2.0-1.mga8 firefox-pa_IN-91.2.0-1.mga8 firefox-ka-91.2.0-1.mga8 firefox-ja-91.2.0-1.mga8 firefox-bg-91.2.0-1.mga8 firefox-sr-91.2.0-1.mga8 firefox-hy_AM-91.2.0-1.mga8 firefox-ko-91.2.0-1.mga8 firefox-zh_TW-91.2.0-1.mga8 firefox-vi-91.2.0-1.mga8 firefox-zh_CN-91.2.0-1.mga8 firefox-hu-91.2.0-1.mga8 firefox-bn-91.2.0-1.mga8 firefox-hi_IN-91.2.0-1.mga8 firefox-ar-91.2.0-1.mga8 firefox-sk-91.2.0-1.mga8 firefox-cs-91.2.0-1.mga8 firefox-ur-91.2.0-1.mga8 firefox-hsb-91.2.0-1.mga8 firefox-lt-91.2.0-1.mga8 firefox-te-91.2.0-1.mga8 firefox-fr-91.2.0-1.mga8 firefox-he-91.2.0-1.mga8 firefox-pl-91.2.0-1.mga8 firefox-sq-91.2.0-1.mga8 firefox-fa-91.2.0-1.mga8 firefox-de-91.2.0-1.mga8 firefox-oc-91.2.0-1.mga8 firefox-tr-91.2.0-1.mga8 firefox-kab-91.2.0-1.mga8 firefox-es_MX-91.2.0-1.mga8 firefox-es_AR-91.2.0-1.mga8 firefox-es_CL-91.2.0-1.mga8 firefox-pt_PT-91.2.0-1.mga8 firefox-fy_NL-91.2.0-1.mga8 firefox-pt_BR-91.2.0-1.mga8 firefox-gl-91.2.0-1.mga8 firefox-cy-91.2.0-1.mga8 firefox-sv_SE-91.2.0-1.mga8 firefox-gd-91.2.0-1.mga8 firefox-km-91.2.0-1.mga8 firefox-ro-91.2.0-1.mga8 firefox-mr-91.2.0-1.mga8 firefox-gu_IN-91.2.0-1.mga8 firefox-hr-91.2.0-1.mga8 firefox-sl-91.2.0-1.mga8 firefox-nl-91.2.0-1.mga8 firefox-es_ES-91.2.0-1.mga8 firefox-eo-91.2.0-1.mga8 firefox-ca-91.2.0-1.mga8 firefox-da-91.2.0-1.mga8 firefox-fi-91.2.0-1.mga8 firefox-eu-91.2.0-1.mga8 firefox-ia-91.2.0-1.mga8 firefox-nn_NO-91.2.0-1.mga8 firefox-nb_NO-91.2.0-1.mga8 firefox-br-91.2.0-1.mga8 firefox-id-91.2.0-1.mga8 firefox-tl-91.2.0-1.mga8 firefox-my-91.2.0-1.mga8 firefox-ta-91.2.0-1.mga8 firefox-en_GB-91.2.0-1.mga8 firefox-szl-91.2.0-1.mga8 firefox-en_CA-91.2.0-1.mga8 firefox-an-91.2.0-1.mga8 firefox-ast-91.2.0-1.mga8 firefox-kn-91.2.0-1.mga8 firefox-az-91.2.0-1.mga8 firefox-si-91.2.0-1.mga8 firefox-en_US-91.2.0-1.mga8 firefox-et-91.2.0-1.mga8 firefox-ff-91.2.0-1.mga8 firefox-lij-91.2.0-1.mga8 firefox-uz-91.2.0-1.mga8 firefox-is-91.2.0-1.mga8 firefox-mk-91.2.0-1.mga8 firefox-lv-91.2.0-1.mga8 firefox-bs-91.2.0-1.mga8 firefox-ga_IE-91.2.0-1.mga8 firefox-it-91.2.0-1.mga8 firefox-ms-91.2.0-1.mga8 firefox-xh-91.2.0-1.mga8 firefox-af-91.2.0-1.mga8 from SRPMS: rootcerts-20210907.00-1.mga8.src.rpm nss-3.71.0-1.mga8.src.rpm firefox-91.2.0-1.mga8.src.rpm firefox-l10n-91.2.0-1.mga8.src.rpm
Everything submitted to the build system; should be uploaded by end of the day.
Assignee: bugsquad => qa-bugs
mga8-64, Plasma, nvidia-current, swedish, 4K screen Clean update of rootcerts, nss, firefox Took over settings and tabs. Browsing bank sites, stores, video sites. No problems observed.
CC: (none) => fri
Hi, I have updated today, all ok, language, banks, certificates. I have can login netflix, and bank sites. No problems for the moment. Greetings!
CC: (none) => joselpddj
MGA8-64 Plasma on Lenovo B50, Dutch installation No installation issues, but please David, can you order - as you usually do, I hope - at least the language packs alphabetically, saves a lot of eye strain. After update firefox performms well, no problems encountered.
CC: (none) => herman.viaene
That comes from a build log, which are out of order due to a bug in rpm. Hopefully I'll remember to sort it. I could swear I filed a bug report for this and I can't find it.
Updated the 64-bit US English version, tried my bank site, watched Youtube videos, checked Facebook (it's working today), searched with DuckDuckGo. No issues noted.
CC: (none) => andrewsfarm
MGA8-xfce,English Installed this yesterday and lived with it for the day on laptop. No issues to report.
CC: (none) => brtians1
Advisory: ======================== Updated firefox packages fix security vulnerabilities: Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak (CVE-2021-32810). During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash due to a use-after-free in MessageTask (CVE-2021-38496). Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks (CVE-2021-38497). During process shutdown, a document could have caused a use-after-free of a languages service object (nsLanguageAtomService), leading to memory corruption and a potentially exploitable crash (CVE-2021-38498). Mozilla developers and community members Andreas Pehrson, Christian Holler, Kevin Brosnan, and Mihai Alexandru Michis reported memory safety bugs present in Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-38500, CVE-2021-38501). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32810 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38497 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38498 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38501 https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/ https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/eLTKcnMNzPg https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_71.html ======================== Updated packages in core/updates_testing: ======================== rootcerts-20210907.00-1.mga8 rootcerts-java-20210907.00-1.mga8 nss-3.71.0-1.mga8 nss-doc-3.71.0-1.mga8 libnss3-3.71.0-1.mga8 libnss-devel-3.71.0-1.mga8 libnss-static-devel-3.71.0-1.mga8 firefox-91.2.0-1.mga8 firefox-af-91.2.0-1.mga8 firefox-an-91.2.0-1.mga8 firefox-ar-91.2.0-1.mga8 firefox-ast-91.2.0-1.mga8 firefox-az-91.2.0-1.mga8 firefox-be-91.2.0-1.mga8 firefox-bg-91.2.0-1.mga8 firefox-bn-91.2.0-1.mga8 firefox-br-91.2.0-1.mga8 firefox-bs-91.2.0-1.mga8 firefox-ca-91.2.0-1.mga8 firefox-cs-91.2.0-1.mga8 firefox-cy-91.2.0-1.mga8 firefox-da-91.2.0-1.mga8 firefox-de-91.2.0-1.mga8 firefox-el-91.2.0-1.mga8 firefox-en_CA-91.2.0-1.mga8 firefox-en_GB-91.2.0-1.mga8 firefox-en_US-91.2.0-1.mga8 firefox-eo-91.2.0-1.mga8 firefox-es_AR-91.2.0-1.mga8 firefox-es_CL-91.2.0-1.mga8 firefox-es_ES-91.2.0-1.mga8 firefox-es_MX-91.2.0-1.mga8 firefox-et-91.2.0-1.mga8 firefox-eu-91.2.0-1.mga8 firefox-fa-91.2.0-1.mga8 firefox-ff-91.2.0-1.mga8 firefox-fi-91.2.0-1.mga8 firefox-fr-91.2.0-1.mga8 firefox-fy_NL-91.2.0-1.mga8 firefox-ga_IE-91.2.0-1.mga8 firefox-gd-91.2.0-1.mga8 firefox-gl-91.2.0-1.mga8 firefox-gu_IN-91.2.0-1.mga8 firefox-he-91.2.0-1.mga8 firefox-hi_IN-91.2.0-1.mga8 firefox-hr-91.2.0-1.mga8 firefox-hsb-91.2.0-1.mga8 firefox-hu-91.2.0-1.mga8 firefox-hy_AM-91.2.0-1.mga8 firefox-ia-91.2.0-1.mga8 firefox-id-91.2.0-1.mga8 firefox-is-91.2.0-1.mga8 firefox-it-91.2.0-1.mga8 firefox-ja-91.2.0-1.mga8 firefox-ka-91.2.0-1.mga8 firefox-kab-91.2.0-1.mga8 firefox-kk-91.2.0-1.mga8 firefox-km-91.2.0-1.mga8 firefox-kn-91.2.0-1.mga8 firefox-ko-91.2.0-1.mga8 firefox-lij-91.2.0-1.mga8 firefox-lt-91.2.0-1.mga8 firefox-lv-91.2.0-1.mga8 firefox-mk-91.2.0-1.mga8 firefox-mr-91.2.0-1.mga8 firefox-ms-91.2.0-1.mga8 firefox-my-91.2.0-1.mga8 firefox-nb_NO-91.2.0-1.mga8 firefox-nl-91.2.0-1.mga8 firefox-nn_NO-91.2.0-1.mga8 firefox-oc-91.2.0-1.mga8 firefox-pa_IN-91.2.0-1.mga8 firefox-pl-91.2.0-1.mga8 firefox-pt_BR-91.2.0-1.mga8 firefox-pt_PT-91.2.0-1.mga8 firefox-ro-91.2.0-1.mga8 firefox-ru-91.2.0-1.mga8 firefox-si-91.2.0-1.mga8 firefox-sk-91.2.0-1.mga8 firefox-sl-91.2.0-1.mga8 firefox-sq-91.2.0-1.mga8 firefox-sr-91.2.0-1.mga8 firefox-sv_SE-91.2.0-1.mga8 firefox-szl-91.2.0-1.mga8 firefox-ta-91.2.0-1.mga8 firefox-te-91.2.0-1.mga8 firefox-th-91.2.0-1.mga8 firefox-tl-91.2.0-1.mga8 firefox-tr-91.2.0-1.mga8 firefox-uk-91.2.0-1.mga8 firefox-ur-91.2.0-1.mga8 firefox-uz-91.2.0-1.mga8 firefox-vi-91.2.0-1.mga8 firefox-xh-91.2.0-1.mga8 firefox-zh_CN-91.2.0-1.mga8 firefox-zh_TW-91.2.0-1.mga8 from SRPMS: rootcerts-20210907.00-1.mga8.src.rpm nss-3.71.0-1.mga8.src.rpm firefox-91.2.0-1.mga8.src.rpm firefox-l10n-91.2.0-1.mga8.src.rpm
Blocks: (none) => 29500
MGA8-64, Cinnamon, Nvidia 390 $ uname -a Linux localhost 5.14.9-desktop-1.mga8 #1 SMP Thu Sep 30 14:15:05 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux The following 8 packages are going to be installed: - firefox-91.2.0-1.mga8.x86_64 - firefox-en_CA-91.2.0-1.mga8.noarch - firefox-en_GB-91.2.0-1.mga8.noarch - firefox-en_US-91.2.0-1.mga8.noarch - lib64nss3-3.71.0-1.mga8.x86_64 - nss-3.71.0-1.mga8.x86_64 - rootcerts-20210907.00-1.mga8.noarch - rootcerts-java-20210907.00-1.mga8.noarch ---rebooted Browser appears to be working as designed
Blocks: (none) => 29535
Blocks: 29500 => (none)
I've been using this for a few days now on two machines, with no problems, so I'm going to validate it. Advisory in Comment 8.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0469.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this today (October 12): https://access.redhat.com/errata/RHSA-2021:3791