Mozilla has released Firefox 91.6.1 today (March 5):
https://www.mozilla.org/en-US/firefox/91.6.1/releasenotes/

It fixes two security issues, being actively exploited in the wild:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/

There are also rootcerts and nss updates:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/W13LB93wep4
https://firefox-source-docs.mozilla.org/security/nss/releases/index.html
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html

Package list should be as follows.

Updated packages in core/updates_testing:
========================================
rootcerts-20220208.00-1.mga8
rootcerts-java-20220208.00-1.mga8
nss-3.76.0-1.mga8
nss-doc-3.76.0-1.mga8
libnss3-3.76.0-1.mga8
libnss-devel-3.76.0-1.mga8
libnss-static-devel-3.76.0-1.mga8
firefox-91.6.1-1.mga8
firefox-ru-91.6.1-1.mga8
firefox-uk-91.6.1-1.mga8
firefox-be-91.6.1-1.mga8
firefox-el-91.6.1-1.mga8
firefox-kk-91.6.1-1.mga8
firefox-th-91.6.1-1.mga8
firefox-pa_IN-91.6.1-1.mga8
firefox-ka-91.6.1-1.mga8
firefox-ja-91.6.1-1.mga8
firefox-bg-91.6.1-1.mga8
firefox-sr-91.6.1-1.mga8
firefox-hy_AM-91.6.1-1.mga8
firefox-ko-91.6.1-1.mga8
firefox-zh_TW-91.6.1-1.mga8
firefox-vi-91.6.1-1.mga8
firefox-zh_CN-91.6.1-1.mga8
firefox-hu-91.6.1-1.mga8
firefox-bn-91.6.1-1.mga8
firefox-hi_IN-91.6.1-1.mga8
firefox-ar-91.6.1-1.mga8
firefox-sk-91.6.1-1.mga8
firefox-cs-91.6.1-1.mga8
firefox-ur-91.6.1-1.mga8
firefox-hsb-91.6.1-1.mga8
firefox-lt-91.6.1-1.mga8
firefox-te-91.6.1-1.mga8
firefox-fr-91.6.1-1.mga8
firefox-he-91.6.1-1.mga8
firefox-pl-91.6.1-1.mga8
firefox-sq-91.6.1-1.mga8
firefox-fa-91.6.1-1.mga8
firefox-de-91.6.1-1.mga8
firefox-oc-91.6.1-1.mga8
firefox-tr-91.6.1-1.mga8
firefox-kab-91.6.1-1.mga8
firefox-es_MX-91.6.1-1.mga8
firefox-es_AR-91.6.1-1.mga8
firefox-es_CL-91.6.1-1.mga8
firefox-pt_PT-91.6.1-1.mga8
firefox-fy_NL-91.6.1-1.mga8
firefox-pt_BR-91.6.1-1.mga8
firefox-gl-91.6.1-1.mga8
firefox-cy-91.6.1-1.mga8
firefox-sv_SE-91.6.1-1.mga8
firefox-gd-91.6.1-1.mga8
firefox-km-91.6.1-1.mga8
firefox-ro-91.6.1-1.mga8
firefox-mr-91.6.1-1.mga8
firefox-gu_IN-91.6.1-1.mga8
firefox-hr-91.6.1-1.mga8
firefox-sl-91.6.1-1.mga8
firefox-nl-91.6.1-1.mga8
firefox-es_ES-91.6.1-1.mga8
firefox-eo-91.6.1-1.mga8
firefox-ca-91.6.1-1.mga8
firefox-da-91.6.1-1.mga8
firefox-fi-91.6.1-1.mga8
firefox-eu-91.6.1-1.mga8
firefox-ia-91.6.1-1.mga8
firefox-nn_NO-91.6.1-1.mga8
firefox-nb_NO-91.6.1-1.mga8
firefox-br-91.6.1-1.mga8
firefox-id-91.6.1-1.mga8
firefox-tl-91.6.1-1.mga8
firefox-my-91.6.1-1.mga8
firefox-ta-91.6.1-1.mga8
firefox-en_GB-91.6.1-1.mga8
firefox-szl-91.6.1-1.mga8
firefox-en_CA-91.6.1-1.mga8
firefox-an-91.6.1-1.mga8
firefox-ast-91.6.1-1.mga8
firefox-kn-91.6.1-1.mga8
firefox-az-91.6.1-1.mga8
firefox-si-91.6.1-1.mga8
firefox-en_US-91.6.1-1.mga8
firefox-et-91.6.1-1.mga8
firefox-ff-91.6.1-1.mga8
firefox-lij-91.6.1-1.mga8
firefox-uz-91.6.1-1.mga8
firefox-is-91.6.1-1.mga8
firefox-mk-91.6.1-1.mga8
firefox-lv-91.6.1-1.mga8
firefox-bs-91.6.1-1.mga8
firefox-ga_IE-91.6.1-1.mga8
firefox-it-91.6.1-1.mga8
firefox-ms-91.6.1-1.mga8
firefox-xh-91.6.1-1.mga8
firefox-af-91.6.1-1.mga8

from SRPMS:
rootcerts-20220208.00-1.mga8.src.rpm
nss-3.76.0-1.mga8.src.rpm
firefox-91.6.1-1.mga8.src.rpm
firefox-l10n-91.6.1-1.mga8.src.rpm
Keywords: (none) => advisory
CC: (none) => davidwhodgins
Packages submitted to the build system and should be available in a few hours.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Removing an XSLT parameter during processing could have led to an exploitable use-after-free (CVE-2022-26485).

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape (CVE-2022-26486).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Assignee: bugsquad => qa-bugs
Keywords: advisory => (none)
SVN advisory fixed.
Keywords: (none) => advisory
Tested on Mageia x86_64, both Canadian English and French. Validating the update.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Tested on aarch64 too (rpi 4b).
The following 8 packages are going to be installed:

- firefox-91.6.1-1.mga8.x86_64
- firefox-en_CA-91.6.1-1.mga8.noarch
- firefox-en_GB-91.6.1-1.mga8.noarch
- firefox-en_US-91.6.1-1.mga8.noarch
- lib64nss3-3.76.0-1.mga8.x86_64
- nss-3.76.0-1.mga8.x86_64
- rootcerts-20220208.00-1.mga8.noarch
- rootcerts-java-20220208.00-1.mga8.noarch

-- rebooted
youtube sound works
typical sites work
no issues I can identify
CC: (none) => brtians1
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0089.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
OK mga8-64 swedish plasma localisation, settings, tabs restored. Some typical browsing incl video & banking
CC: (none) => fri
Blocks: (none) => 30129
RedHat has issued an advisory for this today (March 10): https://access.redhat.com/errata/RHSA-2022:0818