33288 – Firefox 115.12

Bug 33288 - Firefox 115.12

Summary: Firefox 115.12

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2024-06-11 16:22 CEST by Nicolas Salguero
Modified:	2024-06-16 01:08 CEST (History)
CC List:	7 users (show)

See Also:
Source RPM:	nss, firefox, firefox-l10n
CVE:	CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-06-11 16:22:46 CEST

Mozilla has released Firefox 115.12 on June 11:
https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/

Mozilla has released NSS 3.101 on June 6:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_101.html

Nicolas Salguero 2024-06-11 16:24:41 CEST

Source RPM: (none) => nss, firefox, firefox-l10n
CVE: (none) => CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700
Whiteboard: (none) => MGA9TOO
Severity: normal => major

Comment 1 Nicolas Salguero 2024-06-11 16:41:53 CEST

There is also a new version of rootcerts: 20240608

Source RPM: nss, firefox, firefox-l10n => rootcerts, nss, firefox, firefox-l10n

Comment 2 Nicolas Salguero 2024-06-11 17:02:37 CEST

Actually, certdata.txt was not modified so there is no new version of rootcerts.

Source RPM: rootcerts, nss, firefox, firefox-l10n => nss, firefox, firefox-l10n

Comment 3 Lewis Smith 2024-06-11 20:57:20 CEST

Handing this over to you, Nicolas. Pass it to pkg-bugs if you prefer.

Assignee: bugsquad => nicolas.salguero

Comment 4 Nicolas Salguero 2024-06-13 14:00:37 CEST

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Use-after-free in networking. (CVE-2024-5702)

Use-after-free in JavaScript object transplant. (CVE-2024-5688)

External protocol handlers leaked by timing attack. (CVE-2024-5690)

Sandboxed iframes were able to bypass sandbox restrictions to open a new window. (CVE-2024-5691)

Cross-Origin Image leak via Offscreen Canvas. (CVE-2024-5693)

Memory Corruption in Text Fragments. (CVE-2024-5696)

Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. (CVE-2024-5700)

References:
https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_101.html
========================

Updated packages in core/updates_testing:
========================
lib64nss3-3.101.0-1.mga9
lib64nss-devel-3.101.0-1.mga9
lib64nss-static-devel-3.101.0-1.mga9
nss-3.101.0-1.mga9
nss-doc-3.101.0-1.mga9

firefox-115.12.0-1.mga9
firefox-af-115.12.0-1.mga9
firefox-an-115.12.0-1.mga9
firefox-ar-115.12.0-1.mga9
firefox-ast-115.12.0-1.mga9
firefox-az-115.12.0-1.mga9
firefox-be-115.12.0-1.mga9
firefox-bg-115.12.0-1.mga9
firefox-bn-115.12.0-1.mga9
firefox-br-115.12.0-1.mga9
firefox-bs-115.12.0-1.mga9
firefox-ca-115.12.0-1.mga9
firefox-cs-115.12.0-1.mga9
firefox-cy-115.12.0-1.mga9
firefox-da-115.12.0-1.mga9
firefox-de-115.12.0-1.mga9
firefox-el-115.12.0-1.mga9
firefox-en_CA-115.12.0-1.mga9
firefox-en_GB-115.12.0-1.mga9
firefox-en_US-115.12.0-1.mga9
firefox-eo-115.12.0-1.mga9
firefox-es_AR-115.12.0-1.mga9
firefox-es_CL-115.12.0-1.mga9
firefox-es_ES-115.12.0-1.mga9
firefox-es_MX-115.12.0-1.mga9
firefox-et-115.12.0-1.mga9
firefox-eu-115.12.0-1.mga9
firefox-fa-115.12.0-1.mga9
firefox-ff-115.12.0-1.mga9
firefox-fi-115.12.0-1.mga9
firefox-fr-115.12.0-1.mga9
firefox-fur-115.12.0-1.mga9
firefox-fy_NL-115.12.0-1.mga9
firefox-ga_IE-115.12.0-1.mga9
firefox-gd-115.12.0-1.mga9
firefox-gl-115.12.0-1.mga9
firefox-gu_IN-115.12.0-1.mga9
firefox-he-115.12.0-1.mga9
firefox-hi_IN-115.12.0-1.mga9
firefox-hr-115.12.0-1.mga9
firefox-hsb-115.12.0-1.mga9
firefox-hu-115.12.0-1.mga9
firefox-hy_AM-115.12.0-1.mga9
firefox-ia-115.12.0-1.mga9
firefox-id-115.12.0-1.mga9
firefox-is-115.12.0-1.mga9
firefox-it-115.12.0-1.mga9
firefox-ja-115.12.0-1.mga9
firefox-ka-115.12.0-1.mga9
firefox-kab-115.12.0-1.mga9
firefox-kk-115.12.0-1.mga9
firefox-km-115.12.0-1.mga9
firefox-kn-115.12.0-1.mga9
firefox-ko-115.12.0-1.mga9
firefox-lij-115.12.0-1.mga9
firefox-lt-115.12.0-1.mga9
firefox-lv-115.12.0-1.mga9
firefox-mk-115.12.0-1.mga9
firefox-mr-115.12.0-1.mga9
firefox-ms-115.12.0-1.mga9
firefox-my-115.12.0-1.mga9
firefox-nb_NO-115.12.0-1.mga9
firefox-nl-115.12.0-1.mga9
firefox-nn_NO-115.12.0-1.mga9
firefox-oc-115.12.0-1.mga9
firefox-pa_IN-115.12.0-1.mga9
firefox-pl-115.12.0-1.mga9
firefox-pt_BR-115.12.0-1.mga9
firefox-pt_PT-115.12.0-1.mga9
firefox-ro-115.12.0-1.mga9
firefox-ru-115.12.0-1.mga9
firefox-sc-115.12.0-1.mga9
firefox-si-115.12.0-1.mga9
firefox-sk-115.12.0-1.mga9
firefox-sl-115.12.0-1.mga9
firefox-sq-115.12.0-1.mga9
firefox-sr-115.12.0-1.mga9
firefox-sv_SE-115.12.0-1.mga9
firefox-szl-115.12.0-1.mga9
firefox-ta-115.12.0-1.mga9
firefox-te-115.12.0-1.mga9
firefox-tg-115.12.0-1.mga9
firefox-th-115.12.0-1.mga9
firefox-tl-115.12.0-1.mga9
firefox-tr-115.12.0-1.mga9
firefox-uk-115.12.0-1.mga9
firefox-ur-115.12.0-1.mga9
firefox-uz-115.12.0-1.mga9
firefox-vi-115.12.0-1.mga9
firefox-xh-115.12.0-1.mga9
firefox-zh_CN-115.12.0-1.mga9
firefox-zh_TW-115.12.0-1.mga9

from SRPMS:
nss-3.101.0-1.mga9.src.rpm
firefox-115.12.0-1.mga9.src.rpm
firefox-l10n-115.12.0-1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 9
Status: NEW => ASSIGNED

katnatek 2024-06-13 19:40:12 CEST

Keywords: (none) => advisory

Comment 5 Len Lawrence 2024-06-14 13:11:58 CEST

mga9, x86_64
Updated Firefox with en_GB working fine here, bank, newspaper, MADB, xkcd, APOD, Youtube, localfiles .......

CC: (none) => tarazed25

Comment 6 Jose Manuel López 2024-06-14 15:09:24 CEST

Mageia 9 Plasma, x86_64

Installed in Intel I5 and amd 4800H

Works fine for me. I am using from yesterday. Banks, youtube, audio and video, settings, spanish translation ok.

No issues for the moment.

CC: (none) => joselp

Comment 7 Morgan Leijström 2024-06-14 15:21:21 CEST

mga9-64 Plasma X11 nvidia-current

OK here

Swedish localisation
Settings kept
Previously opened tabs restored
Video sites svt.se, urplay.se, Youtube
3xBanking, tax office
Saving file
Printing

CC: (none) => fri

Comment 8 Thomas Andrews 2024-06-15 04:44:16 CEST

MGA9-64 Plasma X11. No issues here.

CC: (none) => andrewsfarm

Comment 9 Brian Rockwell 2024-06-15 05:04:02 CEST

MGA9-64, Plasma, Ryzen 3015i APU

installed base update files and nss update.

Working as expected.

CC: (none) => brtians1

Comment 10 Tony Blackwell 2024-06-15 22:53:16 CEST

M9 x86_64 xfce.  Firefox 115.12 working fine, no issues

CC: (none) => tablackwell

Morgan Leijström 2024-06-16 00:34:15 CEST

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => sysadmin-bugs

Comment 11 Mageia Robot 2024-06-16 01:08:39 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0222.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.