Bug 33211 - Firefox 115.11
Summary: Firefox 115.11
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 33218
Reported: 2024-05-14 16:54 CEST by Nicolas Salguero
Modified: 2024-05-22 01:18 CEST

See Also:
Source RPM: nss, firefox, firefox-l10n
CVE: CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777
Status comment:


Description Nicolas Salguero 2024-05-14 16:54:15 CEST
Mozilla has released Firefox 115.11 on May 14:
https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/

Mozilla has released NSS 3.100 on May 7:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html

Nicolas Salguero 2024-05-14 16:56:34 CEST

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777
Severity: normal => major
Source RPM: (none) => nss, firefox, firefox-l10n

Comment 1 Nicolas Salguero 2024-05-15 16:59:07 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Arbitrary JavaScript execution in PDF.js. (CVE-2024-4367)

IndexedDB files retained in private browsing mode. (CVE-2024-4767)

Potential permissions request bypass via clickjacking. (CVE-2024-4768)

Cross-origin responses could be distinguished between script and non-script content-types. (CVE-2024-4769)

Use-after-free could occur when printing to PDF. (CVE-2024-4770)

Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. (CVE-2024-4777)

References:
https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html
========================

Updated packages in core/updates_testing:
========================
lib64nss3-3.100.0-1.mga9
lib64nss-devel-3.100.0-1.mga9
lib64nss-static-devel-3.100.0-1.mga9
nss-3.100.0-1.mga9
nss-doc-3.100.0-1.mga9

firefox-115.11.0-1.mga9
firefox-af-115.11.0-1.mga9
firefox-an-115.11.0-1.mga9
firefox-ar-115.11.0-1.mga9
firefox-ast-115.11.0-1.mga9
firefox-az-115.11.0-1.mga9
firefox-be-115.11.0-1.mga9
firefox-bg-115.11.0-1.mga9
firefox-bn-115.11.0-1.mga9
firefox-br-115.11.0-1.mga9
firefox-bs-115.11.0-1.mga9
firefox-ca-115.11.0-1.mga9
firefox-cs-115.11.0-1.mga9
firefox-cy-115.11.0-1.mga9
firefox-da-115.11.0-1.mga9
firefox-de-115.11.0-1.mga9
firefox-el-115.11.0-1.mga9
firefox-en_CA-115.11.0-1.mga9
firefox-en_GB-115.11.0-1.mga9
firefox-en_US-115.11.0-1.mga9
firefox-eo-115.11.0-1.mga9
firefox-es_AR-115.11.0-1.mga9
firefox-es_CL-115.11.0-1.mga9
firefox-es_ES-115.11.0-1.mga9
firefox-es_MX-115.11.0-1.mga9
firefox-et-115.11.0-1.mga9
firefox-eu-115.11.0-1.mga9
firefox-fa-115.11.0-1.mga9
firefox-ff-115.11.0-1.mga9
firefox-fi-115.11.0-1.mga9
firefox-fr-115.11.0-1.mga9
firefox-fur-115.11.0-1.mga9
firefox-fy_NL-115.11.0-1.mga9
firefox-ga_IE-115.11.0-1.mga9
firefox-gd-115.11.0-1.mga9
firefox-gl-115.11.0-1.mga9
firefox-gu_IN-115.11.0-1.mga9
firefox-he-115.11.0-1.mga9
firefox-hi_IN-115.11.0-1.mga9
firefox-hr-115.11.0-1.mga9
firefox-hsb-115.11.0-1.mga9
firefox-hu-115.11.0-1.mga9
firefox-hy_AM-115.11.0-1.mga9
firefox-ia-115.11.0-1.mga9
firefox-id-115.11.0-1.mga9
firefox-is-115.11.0-1.mga9
firefox-it-115.11.0-1.mga9
firefox-ja-115.11.0-1.mga9
firefox-ka-115.11.0-1.mga9
firefox-kab-115.11.0-1.mga9
firefox-kk-115.11.0-1.mga9
firefox-km-115.11.0-1.mga9
firefox-kn-115.11.0-1.mga9
firefox-ko-115.11.0-1.mga9
firefox-lij-115.11.0-1.mga9
firefox-lt-115.11.0-1.mga9
firefox-lv-115.11.0-1.mga9
firefox-mk-115.11.0-1.mga9
firefox-mr-115.11.0-1.mga9
firefox-ms-115.11.0-1.mga9
firefox-my-115.11.0-1.mga9
firefox-nb_NO-115.11.0-1.mga9
firefox-nl-115.11.0-1.mga9
firefox-nn_NO-115.11.0-1.mga9
firefox-oc-115.11.0-1.mga9
firefox-pa_IN-115.11.0-1.mga9
firefox-pl-115.11.0-1.mga9
firefox-pt_BR-115.11.0-1.mga9
firefox-pt_PT-115.11.0-1.mga9
firefox-ro-115.11.0-1.mga9
firefox-ru-115.11.0-1.mga9
firefox-sc-115.11.0-1.mga9
firefox-si-115.11.0-1.mga9
firefox-sk-115.11.0-1.mga9
firefox-sl-115.11.0-1.mga9
firefox-sq-115.11.0-1.mga9
firefox-sr-115.11.0-1.mga9
firefox-sv_SE-115.11.0-1.mga9
firefox-szl-115.11.0-1.mga9
firefox-ta-115.11.0-1.mga9
firefox-te-115.11.0-1.mga9
firefox-tg-115.11.0-1.mga9
firefox-th-115.11.0-1.mga9
firefox-tl-115.11.0-1.mga9
firefox-tr-115.11.0-1.mga9
firefox-uk-115.11.0-1.mga9
firefox-ur-115.11.0-1.mga9
firefox-uz-115.11.0-1.mga9
firefox-vi-115.11.0-1.mga9
firefox-xh-115.11.0-1.mga9
firefox-zh_CN-115.11.0-1.mga9
firefox-zh_TW-115.11.0-1.mga9

from SRPMS:
nss-3.100.0-1.mga9.src.rpm
firefox-115.11.0-1.mga9.src.rpm
firefox-l10n-115.11.0-1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9

katnatek 2024-05-16 04:19:22 CEST

Keywords: (none) => advisory

Comment 2 Herman Viaene 2024-05-16 13:59:06 CEST
MGA9-64 Plasma Wayland on HP-Pavilion.
No installation issues and it seems to be working normally on different sites.

CC: (none) => herman.viaene

Nicolas Salguero 2024-05-16 14:37:35 CEST

Blocks: (none) => 33218

Comment 3 Morgan Leijström 2024-05-16 19:44:55 CEST
mga9-64 OK here

Plasma X11,
nvidia-current on one machine, nouveau on another

clean update


Swedish locale
Remembered settings and a hundred+ open tabs
Video sites
Banking sites
Webshops
Mageia pages :)
Printing


Below, see output from launching it in konsole.
Probably no problem.  No usage issue noted.

[ettan@localhost ~]$ firefox
kf.i18n: KLocalizedString: Using an empty domain, fix the code. msgid: "Mozilla Firefox" msgid_plural: "" msgctxt: ""
kf.kio.core: Malformed JSON protocol file for protocol: "trash" , number of the ExtraNames fields should match the number of ExtraTypes fields
[Parent 322843, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-115.11.0/toolkit/xre/nsSigHandlers.cpp:167

(firefox:322843): GLib-GIO-WARNING **: 09:45:14.772: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.
[Parent 322843, Main Thread] WARNING: g_object_ref: assertion 'G_IS_OBJECT (object)' failed: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-115.11.0/toolkit/xre/nsSigHandlers.cpp:167

(firefox:322843): GLib-GObject-CRITICAL **: 09:48:00.200: g_object_ref: assertion 'G_IS_OBJECT (object)' failed

(/usr/lib64/firefox/firefox:323061): dconf-WARNING **: 09:48:00.328: Unable to open /var/lib/flatpak/exports/share/dconf/profile/user: Åtkomst nekas

CC: (none) => fri

Comment 4 katnatek 2024-05-17 03:40:07 CEST
VM mageia 9 x86_64

updated without issues
rpm -qa|grep firefox
firefox-115.11.0-1.mga9
firefox-en_US-115.11.0-1.mga9
firefox-es_ES-115.11.0-1.mga9
firefox-en_GB-115.11.0-1.mga9
firefox-en_CA-115.11.0-1.mga9
firefox-es_CL-115.11.0-1.mga9
firefox-es_MX-115.11.0-1.mga9
firefox-es_AR-115.11.0-1.mga9

rpm -qa|grep nss|grep 3.100
nss-3.100.0-1.mga9
lib64nss3-3.100.0-1.mga9

facebook OK
Youtube OK

Posting this comment from the updated Firefox

Comment 5 Jose Manuel López 2024-05-17 10:10:41 CEST
Hi,

Installed today in Mga 9 Plasma X86_64.

Works fine for the moment.

Banks, settings, addons, Spanish translation, digital certificates, sound and video OK.

Greetings!

CC: (none) => joselp

Comment 6 katnatek 2024-05-17 18:08:32 CEST
We have a good set of tests in x86_64

Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm

Comment 7 Brian Rockwell 2024-05-17 19:41:56 CEST
mga9-64, cinnamon, nouveau

Working as expected, I've been using it for a bunch of functions without issue.

CC: (none) => brtians1

Comment 8 Tony Blackwell 2024-05-19 11:52:13 CEST
M9 x86_64, xfce.

Working fine. In particular I note my pre-existing Citrix Workspace apps continue to work without problem after the upgrade.

CC: (none) => tablackwell

Comment 9 Thomas Andrews 2024-05-20 13:55:41 CEST
Working well in 64-bit for me, too. Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 10 Mageia Robot 2024-05-22 01:18:35 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0189.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
