Mozilla has released Firefox 102.4.0 today (October 17): https://www.mozilla.org/en-US/firefox/102.4.0/releasenotes/ The release notes have not been posted yet. There is also an nss update: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/uV-FYp6SUr8 https://firefox-source-docs.mozilla.org/security/nss/releases/index.html https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html Package list should be as follows. Updated packages in core/updates_testing: ======================================== libnss3-3.84.0-1.mga8 libnss-devel-3.84.0-1.mga8 libnss-static-devel-3.84.0-1.mga8 nss-3.84.0-1.mga8 nss-doc-3.84.0-1.mga8 firefox-102.4.0-1.mga8 firefox-af-102.4.0-1.mga8 firefox-an-102.4.0-1.mga8 firefox-ar-102.4.0-1.mga8 firefox-ast-102.4.0-1.mga8 firefox-az-102.4.0-1.mga8 firefox-be-102.4.0-1.mga8 firefox-bg-102.4.0-1.mga8 firefox-bn-102.4.0-1.mga8 firefox-br-102.4.0-1.mga8 firefox-bs-102.4.0-1.mga8 firefox-ca-102.4.0-1.mga8 firefox-cs-102.4.0-1.mga8 firefox-cy-102.4.0-1.mga8 firefox-da-102.4.0-1.mga8 firefox-de-102.4.0-1.mga8 firefox-el-102.4.0-1.mga8 firefox-en_CA-102.4.0-1.mga8 firefox-en_GB-102.4.0-1.mga8 firefox-en_US-102.4.0-1.mga8 firefox-eo-102.4.0-1.mga8 firefox-es_AR-102.4.0-1.mga8 firefox-es_CL-102.4.0-1.mga8 firefox-es_ES-102.4.0-1.mga8 firefox-es_MX-102.4.0-1.mga8 firefox-et-102.4.0-1.mga8 firefox-eu-102.4.0-1.mga8 firefox-fa-102.4.0-1.mga8 firefox-ff-102.4.0-1.mga8 firefox-fi-102.4.0-1.mga8 firefox-fr-102.4.0-1.mga8 firefox-fy_NL-102.4.0-1.mga8 firefox-ga_IE-102.4.0-1.mga8 firefox-gd-102.4.0-1.mga8 firefox-gl-102.4.0-1.mga8 firefox-gu_IN-102.4.0-1.mga8 firefox-he-102.4.0-1.mga8 firefox-hi_IN-102.4.0-1.mga8 firefox-hr-102.4.0-1.mga8 firefox-hsb-102.4.0-1.mga8 firefox-hu-102.4.0-1.mga8 firefox-hy_AM-102.4.0-1.mga8 firefox-ia-102.4.0-1.mga8 firefox-id-102.4.0-1.mga8 firefox-is-102.4.0-1.mga8 firefox-it-102.4.0-1.mga8 firefox-ja-102.4.0-1.mga8 firefox-ka-102.4.0-1.mga8 firefox-kab-102.4.0-1.mga8 firefox-kk-102.4.0-1.mga8 firefox-km-102.4.0-1.mga8 firefox-kn-102.4.0-1.mga8 firefox-ko-102.4.0-1.mga8 firefox-lij-102.4.0-1.mga8 firefox-lt-102.4.0-1.mga8 firefox-lv-102.4.0-1.mga8 firefox-mk-102.4.0-1.mga8 firefox-mr-102.4.0-1.mga8 firefox-ms-102.4.0-1.mga8 firefox-my-102.4.0-1.mga8 firefox-nb_NO-102.4.0-1.mga8 firefox-nl-102.4.0-1.mga8 firefox-nn_NO-102.4.0-1.mga8 firefox-oc-102.4.0-1.mga8 firefox-pa_IN-102.4.0-1.mga8 firefox-pl-102.4.0-1.mga8 firefox-pt_BR-102.4.0-1.mga8 firefox-pt_PT-102.4.0-1.mga8 firefox-ro-102.4.0-1.mga8 firefox-ru-102.4.0-1.mga8 firefox-si-102.4.0-1.mga8 firefox-sk-102.4.0-1.mga8 firefox-sl-102.4.0-1.mga8 firefox-sq-102.4.0-1.mga8 firefox-sr-102.4.0-1.mga8 firefox-sv_SE-102.4.0-1.mga8 firefox-szl-102.4.0-1.mga8 firefox-ta-102.4.0-1.mga8 firefox-te-102.4.0-1.mga8 firefox-th-102.4.0-1.mga8 firefox-tl-102.4.0-1.mga8 firefox-tr-102.4.0-1.mga8 firefox-uk-102.4.0-1.mga8 firefox-ur-102.4.0-1.mga8 firefox-uz-102.4.0-1.mga8 firefox-vi-102.4.0-1.mga8 firefox-xh-102.4.0-1.mga8 firefox-zh_CN-102.4.0-1.mga8 firefox-zh_TW-102.4.0-1.mga8 from SRPMS: nss-3.84.0-1.mga8.src.rpm firefox-102.4.0-1.mga8.src.rpm firefox-l10n-102.4.0-1.mga8.src.rpm
Updates have been submitted to the build system and should be available by the end of the day. Release notes should be available tomorrow.
Assignee: luigiwalser => qa-bugs
Installed in MGA8-64 Plasma, all works fine for the moment. - Audio and video ok. - Addons ok. - Settings and spanish translation ok. Updated from 102.3 version without issues in firefox profile.
CC: (none) => joselp
mga8-64 Plasma nvidia-current i7 OK, been using it today: clean update Settings and open tabs kept Swedish localisation Some video sites Some banking and shops Old minor problem: The about box say "mageia 1.0" https://bugs.mageia.org/show_bug.cgi?id=30867#c4
CC: (none) => fri
Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/ Advisory: ======================== Updated firefox packages fix security vulnerabilities: A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries() (CVE-2022-42927). Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption in the JS engine and a potentially exploitable crash (CVE-2022-42928). If a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings (CVE-2022-42929). Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2022-42932). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932 https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/uV-FYp6SUr8 https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/
Advisory committed to svn. Validating the update.
Whiteboard: (none) => MGA8-64-OKCC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0378.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this on October 20: https://access.redhat.com/errata/RHSA-2022:7071