Bug 30583 - Firefox 91.11
Summary: Firefox 91.11
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 30587
Reported: 2022-06-27 23:05 CEST by David Walser
Modified: 2022-07-05 21:12 CEST

See Also:
Source RPM: rootcerts, nss, firefox
CVE:
Status comment:


Description David Walser 2022-06-27 23:05:17 CEST
Mozilla has released Firefox 91.11.0 today (June 27):
https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/

The release notes have not been posted yet.

There are also rootcerts and nss updates:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/EvvZnF-wh14
https://firefox-source-docs.mozilla.org/security/nss/releases/index.html
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html

Package list should be as follows.

Updated packages in core/updates_testing:
========================================
rootcerts-20220610.00-1.mga8
rootcerts-java-20220610.00-1.mga8
nss-3.80.0-1.mga8
nss-doc-3.80.0-1.mga8
libnss3-3.80.0-1.mga8
libnss-devel-3.80.0-1.mga8
libnss-static-devel-3.80.0-1.mga8
firefox-91.11.0-1.mga8
firefox-ru-91.11.0-1.mga8
firefox-uk-91.11.0-1.mga8
firefox-be-91.11.0-1.mga8
firefox-el-91.11.0-1.mga8
firefox-kk-91.11.0-1.mga8
firefox-th-91.11.0-1.mga8
firefox-pa_IN-91.11.0-1.mga8
firefox-ka-91.11.0-1.mga8
firefox-ja-91.11.0-1.mga8
firefox-bg-91.11.0-1.mga8
firefox-sr-91.11.0-1.mga8
firefox-hy_AM-91.11.0-1.mga8
firefox-ko-91.11.0-1.mga8
firefox-zh_TW-91.11.0-1.mga8
firefox-vi-91.11.0-1.mga8
firefox-zh_CN-91.11.0-1.mga8
firefox-hu-91.11.0-1.mga8
firefox-bn-91.11.0-1.mga8
firefox-hi_IN-91.11.0-1.mga8
firefox-ar-91.11.0-1.mga8
firefox-sk-91.11.0-1.mga8
firefox-cs-91.11.0-1.mga8
firefox-ur-91.11.0-1.mga8
firefox-hsb-91.11.0-1.mga8
firefox-lt-91.11.0-1.mga8
firefox-te-91.11.0-1.mga8
firefox-fr-91.11.0-1.mga8
firefox-he-91.11.0-1.mga8
firefox-pl-91.11.0-1.mga8
firefox-sq-91.11.0-1.mga8
firefox-fa-91.11.0-1.mga8
firefox-de-91.11.0-1.mga8
firefox-oc-91.11.0-1.mga8
firefox-tr-91.11.0-1.mga8
firefox-kab-91.11.0-1.mga8
firefox-es_MX-91.11.0-1.mga8
firefox-es_AR-91.11.0-1.mga8
firefox-es_CL-91.11.0-1.mga8
firefox-pt_PT-91.11.0-1.mga8
firefox-fy_NL-91.11.0-1.mga8
firefox-pt_BR-91.11.0-1.mga8
firefox-gl-91.11.0-1.mga8
firefox-cy-91.11.0-1.mga8
firefox-sv_SE-91.11.0-1.mga8
firefox-gd-91.11.0-1.mga8
firefox-km-91.11.0-1.mga8
firefox-ro-91.11.0-1.mga8
firefox-mr-91.11.0-1.mga8
firefox-gu_IN-91.11.0-1.mga8
firefox-hr-91.11.0-1.mga8
firefox-sl-91.11.0-1.mga8
firefox-nl-91.11.0-1.mga8
firefox-es_ES-91.11.0-1.mga8
firefox-eo-91.11.0-1.mga8
firefox-ca-91.11.0-1.mga8
firefox-da-91.11.0-1.mga8
firefox-fi-91.11.0-1.mga8
firefox-eu-91.11.0-1.mga8
firefox-ia-91.11.0-1.mga8
firefox-nn_NO-91.11.0-1.mga8
firefox-nb_NO-91.11.0-1.mga8
firefox-br-91.11.0-1.mga8
firefox-id-91.11.0-1.mga8
firefox-tl-91.11.0-1.mga8
firefox-my-91.11.0-1.mga8
firefox-ta-91.11.0-1.mga8
firefox-en_GB-91.11.0-1.mga8
firefox-szl-91.11.0-1.mga8
firefox-en_CA-91.11.0-1.mga8
firefox-an-91.11.0-1.mga8
firefox-ast-91.11.0-1.mga8
firefox-kn-91.11.0-1.mga8
firefox-az-91.11.0-1.mga8
firefox-si-91.11.0-1.mga8
firefox-en_US-91.11.0-1.mga8
firefox-et-91.11.0-1.mga8
firefox-ff-91.11.0-1.mga8
firefox-lij-91.11.0-1.mga8
firefox-uz-91.11.0-1.mga8
firefox-is-91.11.0-1.mga8
firefox-mk-91.11.0-1.mga8
firefox-lv-91.11.0-1.mga8
firefox-bs-91.11.0-1.mga8
firefox-ga_IE-91.11.0-1.mga8
firefox-it-91.11.0-1.mga8
firefox-ms-91.11.0-1.mga8
firefox-xh-91.11.0-1.mga8
firefox-af-91.11.0-1.mga8

from SRPMS:
rootcerts-20220610.00-1.mga8.src.rpm
nss-3.80.0-1.mga8.src.rpm
firefox-91.11.0-1.mga8.src.rpm
firefox-l10n-91.11.0-1.mga8.src.rpm

Comment 1 David Walser 2022-06-28 15:33:20 CEST
Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

If an object prototype was corrupted by an attacker, they would have been able
to set undesired attributes on a JavaScript object, leading to privileged code
execution (CVE-2022-2200).

An attacker could have injected CSS into stylesheets accessible via internal
URIs, such as resource:, and in doing so bypass a page's Content Security
Policy (CVE-2022-31744).

Content Security Policy sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI. An iframe that was not permitted to run
scripts could do so if the user clicked on a javascript: link
(CVE-2022-34468).

Navigations between XML documents may have led to a use-after-free in
nsSHistory and potentially exploitable crash (CVE-2022-34470).

If there was a PAC URL set and the server that hosts the PAC was not
reachable, OCSP requests would have been blocked, resulting in incorrect error
pages being shown (CVE-2022-34472).

A malicious website that could create a popup could have resized the popup to
overlay the address bar with its own content, resulting in potential user
confusion or spoofing attacks (CVE-2022-34479).

In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could
have occurred when the number of elements to replace was too large for the
container (CVE-2022-34481).

The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox
ESR 91.10. Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been exploited to run
arbitrary code (CVE-2022-34484).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/EvvZnF-wh14
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/

Assignee: luigiwalser => qa-bugs

Comment 2 Herman Viaene 2022-06-28 17:15:02 CEST
MGA8-64 Plasma on Acer Aspire 5253
No installation issues.
Surfing and searching, I can't find anything wrong.

CC: (none) => herman.viaene

Comment 3 Jose Manuel López 2022-06-28 17:27:35 CEST
Mga8-x64 on Vbox Asus Laptop
No installation issues.
Web ok, banks ok, video and audio ok. All ok for the moment.

CC: (none) => joselp

Comment 4 Morgan Leijström 2022-06-28 18:03:29 CEST
mga8-64, Plasma, nvidia-current, intel i7
Swedish localisation
Settings and tabs kept
Used a few banks and shops, played some video sites

CC: (none) => fri

Comment 5 sturmvogel 2022-06-29 11:44:49 CEST
*** Bug 30587 has been marked as a duplicate of this bug. ***

CC: (none) => nicolas.salguero

Nicolas Salguero 2022-06-29 14:18:30 CEST

Blocks: (none) => 30587

Comment 6 Thomas Andrews 2022-07-01 15:48:36 CEST
Looks good here, too. OKing, and validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Comment 7 David Walser 2022-07-01 15:52:37 CEST
Red Hat has issued an advisory for this on June 30:
https://access.redhat.com/errata/RHSA-2022:5469

Dave Hodgins 2022-07-04 23:27:54 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2022-07-05 21:12:38 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0251.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
