Packages submitted to the build system and should be available in a few hours.

Assignee: luigiwalser => qa-bugs

Advisory committed to svn as ...
$ cat 30134.adv 
type: security
subject: Updated firefox packages fix security vulnerability
src:
  8:
   core:
     - firefox-91.7.0-1.mga8
     - firefox-l10n-91.7.0-1.mga8
description: |
  Release notes are not available at this time. See the referenced
  link when they do become available.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30134
 - https://www.mozilla.org/en-US/firefox/91.7.0/releasenotes/

CC: (none) => davidwhodgins
Keywords: (none) => advisory

That's not the real advisory.  The release notes will be available tomorrow.

Tested on x86-64 using Canadian English and Parisian French, i586 under vb, and
aarch64 on rpi 4b.

Validating the update. Ready to push as soon as the real advisory is available
and updated in svn.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK MGA8-32-OK

Thanks.  I don't think the updates pushing script actually checks for the advisory keyword in Bugzilla, it just checks for one in SVN, so let's hold off on validating while there's an incorrect one there.

Keywords: validated_update => (none)

Hi, I have tested in Vbox and in my personal computer. Works fine, video and audio, settings, banks, sync, updated from Firefox 91.6.

CC: (none) => joselp

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

An attacker could have caused a use-after-free by forcing a text reflow in an
SVG object leading to a potentially exploitable crash (CVE-2022-26381).

When resizing a popup after requesting fullscreen access, the popup would not
display the fullscreen notification (CVE-2022-26383).

If an attacker could control the contents of an iframe sandboxed with
allow-popups but not allow-scripts, they were able to craft a link that, when
clicked, would lead to JavaScript execution in violation of the sandbox
(CVE-2022-26384).

Previously Firefox for macOS and Linux would download temporary files to a
user-specific directory in /tmp, but this behavior was changed to download
them to /tmp where they could be affected by other local users. This behavior
was reverted to the original, user-specific directory (CVE-2022-26386).

When installing an add-on, Firefox verified the signature before prompting the
user; but while the user was confirming the prompt, the underlying add-on file
could have been modified and Firefox would not have noticed (CVE-2022-26387).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/

Keywords: (none) => advisory, validated_update

(In reply to David Walser from comment #5)
> Thanks.  I don't think the updates pushing script actually checks for the
> advisory keyword in Bugzilla, it just checks for one in SVN, so let's hold
> off on validating while there's an incorrect one there.

Yes, if there is an advisory file added in svn, we only check for validated_update keyword (and potential blocker bugs)

the "advisory" keywoard is for showing up as as a "*" in madb to inform that the advisory has been added to svn.

Is the updated advisory from comment 7 committed to svn ?

Yes, David Walser updated it at 2022-03-08 16:14:17 +0100

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0093.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

OK mga8-64, swedish, i7, plasma, nvidia-current, 4kscreen
various sites; banking, video...

CC: (none) => fri

RedHat has issued an advisory for this today (March 10):
https://access.redhat.com/errata/RHSA-2022:0818