Mozilla has released Firefox 115.4 on October 24: https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/
Moreover Mozilla has released NSS 3.94 on October 2: https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html
Whiteboard: (none) => MGA9TOOSource RPM: (none) => nss, firefox, firefox-l10nCC: (none) => nicolas.salguero
Blocks: (none) => 32478
Nicolas, once again changing you from CC to assignee as it is you who updates Firefox. Please re-assign it if that is not right.
Assignee: bugsquad => nicolas.salgueroCC: nicolas.salguero => (none)
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721) Address bar spoofing via bidirectional characters. (CVE-2023-5732) Large WebGL draw could have led to a crash. (CVE-2023-5724) WebExtensions could open arbitrary URLs. (CVE-2023-5725) Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1. (CVE-2023-5730) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5730 https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/ https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html ======================== Updated packages in core/updates_testing: ======================== lib(64)nss3-3.94.0-1.mga9 lib(64)nss-devel-3.94.0-1.mga9 lib(64)nss-static-devel-3.94.0-1.mga9 nss-3.94.0-1.mga9 nss-doc-3.94.0-1.mga9 firefox-115.4.0-1.mga9 firefox-af-115.4.0-1.mga9 firefox-an-115.4.0-1.mga9 firefox-ar-115.4.0-1.mga9 firefox-ast-115.4.0-1.mga9 firefox-az-115.4.0-1.mga9 firefox-be-115.4.0-1.mga9 firefox-bg-115.4.0-1.mga9 firefox-bn-115.4.0-1.mga9 firefox-br-115.4.0-1.mga9 firefox-bs-115.4.0-1.mga9 firefox-ca-115.4.0-1.mga9 firefox-cs-115.4.0-1.mga9 firefox-cy-115.4.0-1.mga9 firefox-da-115.4.0-1.mga9 firefox-de-115.4.0-1.mga9 firefox-el-115.4.0-1.mga9 firefox-en_CA-115.4.0-1.mga9 firefox-en_GB-115.4.0-1.mga9 firefox-en_US-115.4.0-1.mga9 firefox-eo-115.4.0-1.mga9 firefox-es_AR-115.4.0-1.mga9 firefox-es_CL-115.4.0-1.mga9 firefox-es_ES-115.4.0-1.mga9 firefox-es_MX-115.4.0-1.mga9 firefox-et-115.4.0-1.mga9 firefox-eu-115.4.0-1.mga9 firefox-fa-115.4.0-1.mga9 firefox-ff-115.4.0-1.mga9 firefox-fi-115.4.0-1.mga9 firefox-fr-115.4.0-1.mga9 firefox-fur-115.4.0-1.mga9 firefox-fy_NL-115.4.0-1.mga9 firefox-ga_IE-115.4.0-1.mga9 firefox-gd-115.4.0-1.mga9 firefox-gl-115.4.0-1.mga9 firefox-gu_IN-115.4.0-1.mga9 firefox-he-115.4.0-1.mga9 firefox-hi_IN-115.4.0-1.mga9 firefox-hr-115.4.0-1.mga9 firefox-hsb-115.4.0-1.mga9 firefox-hu-115.4.0-1.mga9 firefox-hy_AM-115.4.0-1.mga9 firefox-ia-115.4.0-1.mga9 firefox-id-115.4.0-1.mga9 firefox-is-115.4.0-1.mga9 firefox-it-115.4.0-1.mga9 firefox-ja-115.4.0-1.mga9 firefox-ka-115.4.0-1.mga9 firefox-kab-115.4.0-1.mga9 firefox-kk-115.4.0-1.mga9 firefox-km-115.4.0-1.mga9 firefox-kn-115.4.0-1.mga9 firefox-ko-115.4.0-1.mga9 firefox-lij-115.4.0-1.mga9 firefox-lt-115.4.0-1.mga9 firefox-lv-115.4.0-1.mga9 firefox-mk-115.4.0-1.mga9 firefox-mr-115.4.0-1.mga9 firefox-ms-115.4.0-1.mga9 firefox-my-115.4.0-1.mga9 firefox-nb_NO-115.4.0-1.mga9 firefox-nl-115.4.0-1.mga9 firefox-nn_NO-115.4.0-1.mga9 firefox-oc-115.4.0-1.mga9 firefox-pa_IN-115.4.0-1.mga9 firefox-pl-115.4.0-1.mga9 firefox-pt_BR-115.4.0-1.mga9 firefox-pt_PT-115.4.0-1.mga9 firefox-ro-115.4.0-1.mga9 firefox-ru-115.4.0-1.mga9 firefox-sc-115.4.0-1.mga9 firefox-si-115.4.0-1.mga9 firefox-sk-115.4.0-1.mga9 firefox-sl-115.4.0-1.mga9 firefox-sq-115.4.0-1.mga9 firefox-sr-115.4.0-1.mga9 firefox-sv_SE-115.4.0-1.mga9 firefox-szl-115.4.0-1.mga9 firefox-ta-115.4.0-1.mga9 firefox-te-115.4.0-1.mga9 firefox-tg-115.4.0-1.mga9 firefox-th-115.4.0-1.mga9 firefox-tl-115.4.0-1.mga9 firefox-tr-115.4.0-1.mga9 firefox-uk-115.4.0-1.mga9 firefox-ur-115.4.0-1.mga9 firefox-uz-115.4.0-1.mga9 firefox-vi-115.4.0-1.mga9 firefox-xh-115.4.0-1.mga9 firefox-zh_CN-115.4.0-1.mga9 firefox-zh_TW-115.4.0-1.mga9 from SRPMS: nss-3.94.0-1.mga9.src.rpm firefox-115.4.0-1.mga9.src.rpm firefox-l10n-115.4.0-1.mga9.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugsWhiteboard: MGA9TOO => (none)Version: Cauldron => 9CC: (none) => nicolas.salguero
Advisory from comment 3 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
Keywords: (none) => advisoryCC: (none) => marja11
MGA9-64 Xfce on Acer Aspire 5253 No installation issues. Usual newspaper site, youtube, banksite, all OK.
CC: (none) => herman.viaene
Could you please consider to add support for Wayland in the next build? --enable-default-toolkit=cairo-gtk3-wayland
CC: (none) => xerxes2
mga9-64 OK for me Plasma X11, nvidia470 on GTX750, kernel-linus-6.4.16-5, Intel i7-870 Localisation (Swedish) OK Restored tabs, about 100 My usual test of some banking, shops, and video sites ---- Some warnings appear on launch: (I have seen the GLib-GIO-WARNING from other applications) $ firefox kf.i18n: KLocalizedString: Using an empty domain, fix the code. msgid: "Mozilla Firefox" msgid_plural: "" msgctxt: "" kf.kio.core: Malformed JSON protocol file for protocol: "trash" , number of the ExtraNames fields should match the number of ExtraTypes fields [Parent 1332539, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-115.4.0/toolkit/xre/nsSigHandlers.cpp:167 (firefox:1332539): GLib-GIO-WARNING **: 15:40:19.923: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.
CC: (none) => fri
MGA9-64 Plasma. No installation issues. I don't normally launch Firefox from the command line, but if I do I see warnings similar to the ones Morgan is seeing. It doesn't seem to affect function, though, as all websites that I tried worked perfectly.
CC: (none) => andrewsfarm
Hi, Installed in Mga9 Plasma X86-64. Works fine for me for the moment. Video and audio ok. Banks ok. Settings and spanish translation ok. Digital certificates ok. Sync account ok.
CC: (none) => joselp
MGA9-64 Plasma on an HP Pavilion 15. Updated US English versions of Firefox and Thunderbird in one operation, with no installation issues. No operational issues to report, either.
MGA9-32 Xfce on an HP Probook 6550b, using the server kernel. Also MGA9-32 Xfce on real 32-bit hardware, Foolishness - my Dell Inspiron 5100. No issues with either system. Giving this OKs on both arches, and validating.
Whiteboard: (none) => MGA9-32-OK MGA9-32-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0308.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED