Bug 29865 - Firefox 91.5
Summary: Firefox 91.5
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 29873
  Show dependency treegraph
 
Reported: 2022-01-11 00:24 CET by David Walser
Modified: 2022-01-26 15:49 CET (History)
7 users (show)

See Also:
Source RPM: rootcerts, nspr, nss, firefox
CVE:
Status comment:


Attachments

Description David Walser 2022-01-11 00:24:54 CET
Mozilla has released Firefox 91.5.0 today (January 10):
https://www.mozilla.org/en-US/firefox/91.5.0/releasenotes/

The release notes for 91.5.0 are not available yet as of this posting.

There are also rootcerts, nspr, and nss updates (last link current unavailable):
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/RDHVnt1nlWw
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/5cpT9SNXYSM
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html

Package list should be as follows.

Updated packages in core/updates_testing:
========================================
libnspr4-4.33-1.mga8
libnspr-devel-4.33-1.mga8
rootcerts-20211213.00-1.mga8
rootcerts-java-20211213.00-1.mga8
nss-3.74.0-1.mga8
nss-doc-3.74.0-1.mga8
libnss3-3.74.0-1.mga8
libnss-devel-3.74.0-1.mga8
libnss-static-devel-3.74.0-1.mga8
firefox-91.5.0-1.mga8
firefox-ru-91.5.0-1.mga8
firefox-uk-91.5.0-1.mga8
firefox-be-91.5.0-1.mga8
firefox-el-91.5.0-1.mga8
firefox-kk-91.5.0-1.mga8
firefox-th-91.5.0-1.mga8
firefox-pa_IN-91.5.0-1.mga8
firefox-ka-91.5.0-1.mga8
firefox-ja-91.5.0-1.mga8
firefox-bg-91.5.0-1.mga8
firefox-sr-91.5.0-1.mga8
firefox-hy_AM-91.5.0-1.mga8
firefox-ko-91.5.0-1.mga8
firefox-zh_TW-91.5.0-1.mga8
firefox-vi-91.5.0-1.mga8
firefox-zh_CN-91.5.0-1.mga8
firefox-hu-91.5.0-1.mga8
firefox-bn-91.5.0-1.mga8
firefox-hi_IN-91.5.0-1.mga8
firefox-ar-91.5.0-1.mga8
firefox-sk-91.5.0-1.mga8
firefox-cs-91.5.0-1.mga8
firefox-ur-91.5.0-1.mga8
firefox-hsb-91.5.0-1.mga8
firefox-lt-91.5.0-1.mga8
firefox-te-91.5.0-1.mga8
firefox-fr-91.5.0-1.mga8
firefox-he-91.5.0-1.mga8
firefox-pl-91.5.0-1.mga8
firefox-sq-91.5.0-1.mga8
firefox-fa-91.5.0-1.mga8
firefox-de-91.5.0-1.mga8
firefox-oc-91.5.0-1.mga8
firefox-tr-91.5.0-1.mga8
firefox-kab-91.5.0-1.mga8
firefox-es_MX-91.5.0-1.mga8
firefox-es_AR-91.5.0-1.mga8
firefox-es_CL-91.5.0-1.mga8
firefox-pt_PT-91.5.0-1.mga8
firefox-fy_NL-91.5.0-1.mga8
firefox-pt_BR-91.5.0-1.mga8
firefox-gl-91.5.0-1.mga8
firefox-cy-91.5.0-1.mga8
firefox-sv_SE-91.5.0-1.mga8
firefox-gd-91.5.0-1.mga8
firefox-km-91.5.0-1.mga8
firefox-ro-91.5.0-1.mga8
firefox-mr-91.5.0-1.mga8
firefox-gu_IN-91.5.0-1.mga8
firefox-hr-91.5.0-1.mga8
firefox-sl-91.5.0-1.mga8
firefox-nl-91.5.0-1.mga8
firefox-es_ES-91.5.0-1.mga8
firefox-eo-91.5.0-1.mga8
firefox-ca-91.5.0-1.mga8
firefox-da-91.5.0-1.mga8
firefox-fi-91.5.0-1.mga8
firefox-eu-91.5.0-1.mga8
firefox-ia-91.5.0-1.mga8
firefox-nn_NO-91.5.0-1.mga8
firefox-nb_NO-91.5.0-1.mga8
firefox-br-91.5.0-1.mga8
firefox-id-91.5.0-1.mga8
firefox-tl-91.5.0-1.mga8
firefox-my-91.5.0-1.mga8
firefox-ta-91.5.0-1.mga8
firefox-en_GB-91.5.0-1.mga8
firefox-szl-91.5.0-1.mga8
firefox-en_CA-91.5.0-1.mga8
firefox-an-91.5.0-1.mga8
firefox-ast-91.5.0-1.mga8
firefox-kn-91.5.0-1.mga8
firefox-az-91.5.0-1.mga8
firefox-si-91.5.0-1.mga8
firefox-en_US-91.5.0-1.mga8
firefox-et-91.5.0-1.mga8
firefox-ff-91.5.0-1.mga8
firefox-lij-91.5.0-1.mga8
firefox-uz-91.5.0-1.mga8
firefox-is-91.5.0-1.mga8
firefox-mk-91.5.0-1.mga8
firefox-lv-91.5.0-1.mga8
firefox-bs-91.5.0-1.mga8
firefox-ga_IE-91.5.0-1.mga8
firefox-it-91.5.0-1.mga8
firefox-ms-91.5.0-1.mga8
firefox-xh-91.5.0-1.mga8
firefox-af-91.5.0-1.mga8

from SRPMS:
nspr-4.33-1.mga8.src.rpm
rootcerts-20211213.00-1.mga8.src.rpm
nss-3.74.0-1.mga8.src.rpm
firefox-91.5.0-1.mga8.src.rpm
firefox-l10n-91.5.0-1.mga8.src.rpm
Comment 1 David Walser 2022-01-11 03:12:17 CET
Build error in Cauldron:
35:42.88    Compiling wast v36.0.0
35:43.03 ld.lld: error: undefined symbol: wl_proxy_marshal_flags
35:43.03 >>> referenced by wayland-client-protocol.h:3672 (/usr/include/wayland-client-protocol.h:3672)
35:43.03 >>>               /home/iurt/rpmbuild/BUILD/firefox-91.5.0/objdir/toolkit/library/build/../../../gfx/gl/Unified_cpp_gfx_gl0.o:(mozilla::gl::DeleteWaylandGLSurface(void*))
35:43.03 >>> referenced by wayland-client-protocol.h:1291 (/usr/include/wayland-client-protocol.h:1291)
35:43.03 >>>               /home/iurt/rpmbuild/BUILD/firefox-91.5.0/objdir/toolkit/library/build/../../../gfx/gl/Unified_cpp_gfx_gl0.o:(mozilla::gl::GLContextEGL::CreateWaylandBufferSurface(mozilla::gl::EglDisplay&, void*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>&))
35:43.03 >>> referenced by wayland-client-protocol.h:3914 (/usr/include/wayland-client-protocol.h:3914)
35:43.03 >>>               /home/iurt/rpmbuild/BUILD/firefox-91.5.0/objdir/toolkit/library/build/../../../gfx/layers/Unified_cpp_gfx_layers1.o:(mozilla::layers::NativeLayerRootWayland::EnsureHideLayer(RefPtr<mozilla::layers::NativeLayerWayland> const&))
35:43.03 >>> referenced 85 more times
35:43.14 clang-13: error: linker command failed with exit code 1 (use -v to see invocation)
35:43.14 gmake[4]: *** [/home/iurt/rpmbuild/BUILD/firefox-91.5.0/config/rules.mk:545: libxul.so] Error 1
35:43.14 gmake[3]: *** [/home/iurt/rpmbuild/BUILD/firefox-91.5.0/config/recurse.mk:72: toolkit/library/build/target] Error 2
35:43.14 gmake[3]: *** Waiting for unfinished jobs....

http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20220111005043.luigiwalser.duvel.2060387/log/firefox-91.5.0-1.mga9/build.aarch64.0.20220111005620.log
Comment 2 David Walser 2022-01-11 03:13:15 CET
Packages built for Mageia 8.  Need help with Cauldron.

Assignee: luigiwalser => pkg-bugs
Version: 8 => Cauldron
Whiteboard: (none) => MGA8TOO

Comment 4 Jose Manuel López 2022-01-11 08:41:56 CET
Hi,

Installed in Mageia 8 Vbox x64, works fine, banks, youtube, addons, all ok for the momento. 

Updated from Firefox 91.4, all settings saved ok.

Greetings!!

CC: (none) => joselpddj

Comment 5 Nicolas Salguero 2022-01-11 09:39:13 CET
(In reply to David Walser from comment #1)
> 35:43.03 ld.lld: error: undefined symbol: wl_proxy_marshal_flags
> 35:43.03 >>> referenced by wayland-client-protocol.h:3672
> (/usr/include/wayland-client-protocol.h:3672)

I had the same problem with thunderbird and found: https://bugs.gentoo.org/811840#c7.  The issue seems to come from version 1.20 of wayland.

CC: (none) => nicolas.salguero

Comment 6 David Walser 2022-01-11 17:27:02 CET
blino also found this upstream fix which I assume will be in 91.6:
https://hg.mozilla.org/releases/mozilla-beta/rev/9868f275bf47

Updated packages uploaded for Mageia 8 and Cauldron.

Security fixes:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/

Version: Cauldron => 8
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO => (none)

Comment 7 Morgan Leijström 2022-01-11 18:49:56 CET
OK for me mga8-64 Plasma, x11, nvidia-current, 4K screen, swedish

- firefox-91.5.0-1.mga8.x86_64
- firefox-sv_SE-91.5.0-1.mga8.noarch
- lib64nspr4-4.33-1.mga8.x86_64
- lib64nss3-3.74.0-1.mga8.x86_64
- nss-3.74.0-1.mga8.x86_64
- rootcerts-20211213.00-1.mga8.noarch

Clean upgrade, preserved open tabs, settings, plugins
Tested banking sites, tax, some video sites, other sites, all OK

CC: (none) => fri

Comment 8 Len Lawrence 2022-01-11 20:45:34 CET
mga8, x64
Updated the packages includin en_GB, en_US and en_CA.
Firefox restarted with all bookmarks listed.
Restored previous session OK.
Running fine just now on a range of sites.

CC: (none) => tarazed25

Comment 9 Guillaume Royer 2022-01-11 21:01:00 CET
MGA8 X64 

update with QA repo and packages Fr.

Firefox running fine.
Element client web Matrix ok

CC: (none) => guillaume.royer

Comment 10 Dave Hodgins 2022-01-11 22:57:15 CET
Validating the update

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Dave Hodgins 2022-01-11 23:13:47 CET

Keywords: (none) => advisory

David Walser 2022-01-11 23:59:23 CET

Blocks: (none) => 29873

Comment 11 David Walser 2022-01-12 00:17:16 CET
SVN advisory corrected to match the following.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

It was possible to construct specific XSLT markup that would be able to bypass
an iframe sandbox (CVE-2021-4140).

Constructing audio sinks could have lead to a race condition when playing
audio files and closing windows. This could have lead to a use-after-free
causing a potentially exploitable crash (CVE-2022-22737).

Applying a CSS filter effect could have accessed out of bounds memory. This
could have lead to a heap-buffer-overflow in blendGaussianBlur causing a
potentially exploitable crash (CVE-2022-22738).

Malicious websites could have tricked users into accepting launching a program
to handle an external URL protocol due to missing throttling on external
protocol launch dialog (CVE-2022-22739).

Certain network request objects were freed too early when releasing a network
request handle. This could have lead to a use-after-free of
ChannelEventQueue::mOwner causing a potentially exploitable crash
(CVE-2022-22740).

When resizing a popup while requesting fullscreen access, the popup would have
become unable to leave fullscreen mode (CVE-2022-22741).

When inserting text while in edit mode, some characters might have lead to
out-of-bounds memory access causing a potentially exploitable crash
(CVE-2022-22742).

When navigating from inside an iframe while requesting fullscreen access, an
attacker-controlled tab could have made the browser unable to leave fullscreen
mode (CVE-2022-22743).

Securitypolicyviolation events could have leaked cross-origin information for
frame-ancestors violations (CVE-2022-22745).

After accepting an untrusted certificate, handling an empty pkcs7 sequence as
part of the certificate data could have lead to a crash. This crash is
believed to be unexploitable (CVE-2022-22747).

Malicious websites could have confused Firefox into showing the wrong origin
when asking to launch a program and handling an external URL protocol
(CVE-2022-22748).

Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason
Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported
memory safety bugs present in Firefox ESR 91.4. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort some of
these could have been exploited to run arbitrary code (CVE-2022-22751).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/RDHVnt1nlWw
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/5cpT9SNXYSM
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/
Comment 12 Mageia Robot 2022-01-12 00:23:29 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0013.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 13 David Walser 2022-01-12 00:29:46 CET
Pushed with the incorrect advisory :o(  Oh well.
Comment 14 David Walser 2022-01-12 15:29:35 CET
RedHat has issued an advisory for this today (January 12):
https://access.redhat.com/errata/RHSA-2022:0130
Comment 15 David Walser 2022-01-26 15:49:59 CET
(In reply to David Walser from comment #11)
> After accepting an untrusted certificate, handling an empty pkcs7 sequence as
> part of the certificate data could have lead to a crash. This crash is
> believed to be unexploitable (CVE-2022-22747).
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747
> https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html
> https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/

This particular fix was actually in nss, it's this one from the nss release notes:
"Bug 1735028 - Check for missing signedData field."

https://www.debian.org/security/2022/dsa-5062

Note You need to log in before you can comment on or make changes to this bug.