Mozilla has released Firefox 102.11.0 today (May 9): https://www.mozilla.org/en-US/firefox/102.11.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/ There are also rootcerts and nss updates: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/tZjTXdS8GQs https://firefox-source-docs.mozilla.org/security/nss/releases/index.html https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html Package list should be as follows. Updated packages in core/updates_testing: ======================================== rootcerts-20230505.00-1.mga8 rootcerts-java-20230505.00-1.mga8 libnss3-3.89.1-1.mga8 libnss-devel-3.89.1-1.mga8 libnss-static-devel-3.89.1-1.mga8 nss-3.89.1-1.mga8 nss-doc-3.89.1-1.mga8 firefox-102.11.0-1.mga8 firefox-af-102.11.0-1.mga8 firefox-an-102.11.0-1.mga8 firefox-ar-102.11.0-1.mga8 firefox-ast-102.11.0-1.mga8 firefox-az-102.11.0-1.mga8 firefox-be-102.11.0-1.mga8 firefox-bg-102.11.0-1.mga8 firefox-bn-102.11.0-1.mga8 firefox-br-102.11.0-1.mga8 firefox-bs-102.11.0-1.mga8 firefox-ca-102.11.0-1.mga8 firefox-cs-102.11.0-1.mga8 firefox-cy-102.11.0-1.mga8 firefox-da-102.11.0-1.mga8 firefox-de-102.11.0-1.mga8 firefox-el-102.11.0-1.mga8 firefox-en_CA-102.11.0-1.mga8 firefox-en_GB-102.11.0-1.mga8 firefox-en_US-102.11.0-1.mga8 firefox-eo-102.11.0-1.mga8 firefox-es_AR-102.11.0-1.mga8 firefox-es_CL-102.11.0-1.mga8 firefox-es_ES-102.11.0-1.mga8 firefox-es_MX-102.11.0-1.mga8 firefox-et-102.11.0-1.mga8 firefox-eu-102.11.0-1.mga8 firefox-fa-102.11.0-1.mga8 firefox-ff-102.11.0-1.mga8 firefox-fi-102.11.0-1.mga8 firefox-fr-102.11.0-1.mga8 firefox-fy_NL-102.11.0-1.mga8 firefox-ga_IE-102.11.0-1.mga8 firefox-gd-102.11.0-1.mga8 firefox-gl-102.11.0-1.mga8 firefox-gu_IN-102.11.0-1.mga8 firefox-he-102.11.0-1.mga8 firefox-hi_IN-102.11.0-1.mga8 firefox-hr-102.11.0-1.mga8 firefox-hsb-102.11.0-1.mga8 firefox-hu-102.11.0-1.mga8 firefox-hy_AM-102.11.0-1.mga8 firefox-ia-102.11.0-1.mga8 firefox-id-102.11.0-1.mga8 firefox-is-102.11.0-1.mga8 firefox-it-102.11.0-1.mga8 firefox-ja-102.11.0-1.mga8 firefox-ka-102.11.0-1.mga8 firefox-kab-102.11.0-1.mga8 firefox-kk-102.11.0-1.mga8 firefox-km-102.11.0-1.mga8 firefox-kn-102.11.0-1.mga8 firefox-ko-102.11.0-1.mga8 firefox-lij-102.11.0-1.mga8 firefox-lt-102.11.0-1.mga8 firefox-lv-102.11.0-1.mga8 firefox-mk-102.11.0-1.mga8 firefox-mr-102.11.0-1.mga8 firefox-ms-102.11.0-1.mga8 firefox-my-102.11.0-1.mga8 firefox-nb_NO-102.11.0-1.mga8 firefox-nl-102.11.0-1.mga8 firefox-nn_NO-102.11.0-1.mga8 firefox-oc-102.11.0-1.mga8 firefox-pa_IN-102.11.0-1.mga8 firefox-pl-102.11.0-1.mga8 firefox-pt_BR-102.11.0-1.mga8 firefox-pt_PT-102.11.0-1.mga8 firefox-ro-102.11.0-1.mga8 firefox-ru-102.11.0-1.mga8 firefox-si-102.11.0-1.mga8 firefox-sk-102.11.0-1.mga8 firefox-sl-102.11.0-1.mga8 firefox-sq-102.11.0-1.mga8 firefox-sr-102.11.0-1.mga8 firefox-sv_SE-102.11.0-1.mga8 firefox-szl-102.11.0-1.mga8 firefox-ta-102.11.0-1.mga8 firefox-te-102.11.0-1.mga8 firefox-th-102.11.0-1.mga8 firefox-tl-102.11.0-1.mga8 firefox-tr-102.11.0-1.mga8 firefox-uk-102.11.0-1.mga8 firefox-ur-102.11.0-1.mga8 firefox-uz-102.11.0-1.mga8 firefox-vi-102.11.0-1.mga8 firefox-xh-102.11.0-1.mga8 firefox-zh_CN-102.11.0-1.mga8 firefox-zh_TW-102.11.0-1.mga8 from SRPMS: rootcerts-20230505.00-1.mga8.src.rpm nss-3.89.1-1.mga8.src.rpm firefox-102.11.0-1.mga8.src.rpm firefox-l10n-102.11.0-1.mga8.src.rpm Packages built and uploaded. Still pending freeze move in Cauldron. Advisory: ======================== Updated firefox packages fix security vulnerabilities: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks (CVE-2023-32205). An out-of-bounds read could have led to a crash in the RLBox Expat driver (CVE-2023-32206). A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions (CVE-2023-32207). A type checking bug would have led to invalid wasm code being compiled, causing a content process crash (CVE-2023-32211). An attacker could have positioned a datalist element to obscure the address bar (CVE-2023-32212). When reading a file, an uninitialized value could have been used as read limit, causing memory corruption in FileReader::DoReadData() (CVE-2023-32213). Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2023-32215). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32211 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32212 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32213 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32215 https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/tZjTXdS8GQs https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/
(In reply to David Walser from comment #0) > Packages built and uploaded. Still pending freeze move in Cauldron. Copy-paste error, builds are still in progress.
I see firefox-l10n-102.11.0-1.mga9 in https://pkgsubmit.mageia.org/ but not firefox-l10n-102.11.0-1.mga8
CC: (none) => davidwhodgins
Firefox isn't done building on any architectures yet for the Mageia 8 update. I usually wait until at least one finishes (it turns blue) before submitting l10n. I don't like to have one built and uploaded without the other for too long, since sometimes it messes people up.
Freeze move done. Assigning to QA.
Assignee: luigiwalser => qa-bugs
Blocks: (none) => 31911
MGA8-64 Plasma on an HP Pavilion 15. No installation issues, and no problems to report, yet anyway. Also, I have been using this version of Firefox in Cauldron, with no issues there, either.
CC: (none) => andrewsfarm
Mageia 8 x64 Mate. Updated OK and working fine.
CC: (none) => tarazed25
No regressions noticed. Advisory committed to svn. Validating the update.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0171.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this today (May 18): https://access.redhat.com/errata/RHSA-2023:3220