Mozilla has released Firefox 102.6.0 today (December 13):
The release notes have not been posted yet.
There is also an nss update (the rootcerts update is in Bug 31232):
Package list should be as follows.
Updated packages in core/updates_testing:
Updates have been submitted to the build system and should be available by the end of the day.
Security issues fixed:
Updated firefox packages fix security vulnerabilities:
An attacker who compromised a content process could have partially escaped the
sandbox to read arbitrary files via clipboard-related IPC messages
A drag-and-dropped file with a long filename could have had its filename
truncated to remove the valid extension, leaving a malicious extension in its
place. This could potentially lead to user confusion and the execution of
malicious code (CVE-2022-46874).
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla
Fuzzing Team reported memory safety bugs present in Firefox ESR 102.5. Some of
these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code
A missing check related to tex units could have led to a use-after-free in
WebGL and a potentially exploitable crash (CVE-2022-46880).
An optimization in WebGL was incorrect in some cases, and could have led to
memory corruption and a potentially exploitable crash (CVE-2022-46881).
A use-after-free in WebGL extensions could have led to a potentially
exploitable crash (CVE-2022-46882).
mga8-64 OK for me
Plasma, i7-3770, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display.
Tested various banking, authority, shops, different login methods, video sites.
__Still not fixed__
The about box still says "mageia - 1.0"
Installed in Mga 8 Plasma in two computers, no issues for the moment.
Audio and video ok.
Spanish translation ok.
Right now, writing for this new version.
Only as comment 2. The about box still says "mageia - 1.0"
MGA8 XFCE 64 with nvidia graphic card
updated with QA repo and RPMs:
firefox 102.6.0 1.mga8 x86_64
firefox-fr 102.6.0 1.mga8 noarch
lib64nss3 3.86.0 1.mga8 x86_64
nss 3.86.0 1.mga8 x86_64
No issues after installation:
Audio and Video OK (Spotify and Netflix)
Bank sites OK
Matrix web client OK
RedHat has issued an advisory for this today (December 15):
MGA8-64 Plasma system, i5-2500, Intel graphics, wired Internet.
Updated the US English versions of Firefox and Thunderbird at the same time, and have been using them off and on for nearly four hours with no issues to report.
MGA8-64 Plasma system, HP Pavilion 15, AMD A8-4555, AMD "Aruba" graphics, rtl8818EE wifi.
Updated Firefox and Thunderbird at the same time, read my morning newspaper, checked tracking of a package, making this report, all OK.
Tested with Canadian English, and with French.
Validating. Advisory committed to svn.
An update for this issue has been pushed to the Mageia Updates repository.
- Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates.
from this nss update is CVE-2022-23491:
So that was fixed in this update too.