Bug 33804 - Firefox 128.5
Summary: Firefox 128.5
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 33805
Reported: 2024-11-26 17:04 CET by Nicolas Salguero
Modified: 2024-12-02 18:18 CET

See Also:
Source RPM: rootcerts, nss, firefox, firefox-l10n
CVE: CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699
Status comment:


Description Nicolas Salguero 2024-11-26 17:04:46 CET
Mozilla has released Firefox 128.5 on November 26:
https://www.mozilla.org/en-US/firefox/128.5.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/

Mozilla has released NSS 3.107 on November 21:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_107.html#mozilla-projects-nss-nss-3-107-release-notes

Moreover, rootcerts needs an update (seems like the latest files date from 2024-11-18).

Nicolas Salguero 2024-11-26 17:06:59 CET

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => rootcerts, nss, firefox, firefox-l10n
CVE: (none) => CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699

Nicolas Salguero 2024-11-26 17:08:51 CET

Blocks: (none) => 33805

Nicolas Salguero 2024-11-26 17:09:12 CET

Severity: normal => major

Comment 1 Morgan Leijström 2024-11-27 21:30:59 CET
I see FF and TB fail building on armv7hl
Should we QA test the other arches?

FF test OK for me mga9-64

CC: (none) => fri

Comment 2 Nicolas Salguero 2024-11-28 09:16:45 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Select list elements could be shown over another site. (CVE-2024-11692)

CSP Bypass and XSS Exposure via Web Compatibility Shims. (CVE-2024-11694)

URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. (CVE-2024-11695)

Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696)

Improper Keypress Handling in Executable File Confirmation Dialog. (CVE-2024-11697)

Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5. (CVE-2024-11699)

References:
https://www.mozilla.org/en-US/firefox/128.5.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_107.html#mozilla-projects-nss-nss-3-107-release-notes
========================

Updated packages in core/updates_testing:
========================
rootcerts-20241119.00-1.mga9
rootcerts-java-20241119.00-1.mga9

lib(64)nss3-3.107.0-1.mga9
lib(64)nss-devel-3.107.0-1.mga9
lib(64)nss-static-devel-3.107.0-1.mga9
nss-3.107.0-1.mga9
nss-doc-3.107.0-1.mga9

firefox-128.5.0-1.mga9
firefox-af-128.5.0-1.mga9
firefox-an-128.5.0-1.mga9
firefox-ar-128.5.0-1.mga9
firefox-ast-128.5.0-1.mga9
firefox-az-128.5.0-1.mga9
firefox-be-128.5.0-1.mga9
firefox-bg-128.5.0-1.mga9
firefox-bn-128.5.0-1.mga9
firefox-br-128.5.0-1.mga9
firefox-bs-128.5.0-1.mga9
firefox-ca-128.5.0-1.mga9
firefox-cs-128.5.0-1.mga9
firefox-cy-128.5.0-1.mga9
firefox-da-128.5.0-1.mga9
firefox-de-128.5.0-1.mga9
firefox-el-128.5.0-1.mga9
firefox-en_CA-128.5.0-1.mga9
firefox-en_GB-128.5.0-1.mga9
firefox-en_US-128.5.0-1.mga9
firefox-eo-128.5.0-1.mga9
firefox-es_AR-128.5.0-1.mga9
firefox-es_CL-128.5.0-1.mga9
firefox-es_ES-128.5.0-1.mga9
firefox-es_MX-128.5.0-1.mga9
firefox-et-128.5.0-1.mga9
firefox-eu-128.5.0-1.mga9
firefox-fa-128.5.0-1.mga9
firefox-ff-128.5.0-1.mga9
firefox-fi-128.5.0-1.mga9
firefox-fr-128.5.0-1.mga9
firefox-fur-128.5.0-1.mga9
firefox-fy_NL-128.5.0-1.mga9
firefox-ga_IE-128.5.0-1.mga9
firefox-gd-128.5.0-1.mga9
firefox-gl-128.5.0-1.mga9
firefox-gu_IN-128.5.0-1.mga9
firefox-he-128.5.0-1.mga9
firefox-hi_IN-128.5.0-1.mga9
firefox-hr-128.5.0-1.mga9
firefox-hsb-128.5.0-1.mga9
firefox-hu-128.5.0-1.mga9
firefox-hy_AM-128.5.0-1.mga9
firefox-ia-128.5.0-1.mga9
firefox-id-128.5.0-1.mga9
firefox-is-128.5.0-1.mga9
firefox-it-128.5.0-1.mga9
firefox-ja-128.5.0-1.mga9
firefox-ka-128.5.0-1.mga9
firefox-kab-128.5.0-1.mga9
firefox-kk-128.5.0-1.mga9
firefox-km-128.5.0-1.mga9
firefox-kn-128.5.0-1.mga9
firefox-ko-128.5.0-1.mga9
firefox-lij-128.5.0-1.mga9
firefox-lt-128.5.0-1.mga9
firefox-lv-128.5.0-1.mga9
firefox-mk-128.5.0-1.mga9
firefox-mr-128.5.0-1.mga9
firefox-ms-128.5.0-1.mga9
firefox-my-128.5.0-1.mga9
firefox-nb_NO-128.5.0-1.mga9
firefox-nl-128.5.0-1.mga9
firefox-nn_NO-128.5.0-1.mga9
firefox-oc-128.5.0-1.mga9
firefox-pa_IN-128.5.0-1.mga9
firefox-pl-128.5.0-1.mga9
firefox-pt_BR-128.5.0-1.mga9
firefox-pt_PT-128.5.0-1.mga9
firefox-ro-128.5.0-1.mga9
firefox-ru-128.5.0-1.mga9
firefox-sc-128.5.0-1.mga9
firefox-si-128.5.0-1.mga9
firefox-sk-128.5.0-1.mga9
firefox-sl-128.5.0-1.mga9
firefox-sq-128.5.0-1.mga9
firefox-sr-128.5.0-1.mga9
firefox-sv_SE-128.5.0-1.mga9
firefox-szl-128.5.0-1.mga9
firefox-ta-128.5.0-1.mga9
firefox-te-128.5.0-1.mga9
firefox-tg-128.5.0-1.mga9
firefox-th-128.5.0-1.mga9
firefox-tl-128.5.0-1.mga9
firefox-tr-128.5.0-1.mga9
firefox-uk-128.5.0-1.mga9
firefox-ur-128.5.0-1.mga9
firefox-uz-128.5.0-1.mga9
firefox-vi-128.5.0-1.mga9
firefox-xh-128.5.0-1.mga9
firefox-zh_CN-128.5.0-1.mga9
firefox-zh_TW-128.5.0-1.mga9

from SRPMS:
rootcerts-20241119.00-1.mga9.src.rpm
nss-3.107.0-1.mga9.src.rpm
firefox-128.5.0-1.mga9.src.rpm
firefox-l10n-128.5.0-1.mga9.src.rpm

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs

Comment 3 Herman Viaene 2024-11-28 15:51:19 CET
MGA9-64 Xfce on Compaq H000SB
No installation issues.
Plays usual sites OK.

CC: (none) => herman.viaene

katnatek 2024-11-28 18:06:40 CET

Keywords: (none) => advisory

Comment 4 Thomas Andrews 2024-11-29 17:16:02 CET
MGA9-64 Plasma on two machines - one Intel-based, the other AMD-based.

No installation issues. My usual morning sites, no issues so far.

CC: (none) => andrewsfarm

Comment 5 Brian Rockwell 2024-11-29 23:24:32 CET
MGA9-64, AMD Ryzen 5 2600, Nvidia 1650 super, GNOME

The following 10 packages are going to be installed:

- firefox-128.5.0-1.mga9.x86_64
- firefox-en_CA-128.5.0-1.mga9.noarch
- firefox-en_GB-128.5.0-1.mga9.noarch
- firefox-en_US-128.5.0-1.mga9.noarch
- lib64nss-devel-3.107.0-1.mga9.x86_64
- lib64nss-static-devel-3.107.0-1.mga9.x86_64
- lib64nss3-3.107.0-1.mga9.x86_64
- nss-3.107.0-1.mga9.x86_64
- rootcerts-20241119.00-1.mga9.noarch
- rootcerts-java-20241119.00-1.mga9.noarch

75KB of additional disk space will be used.

----

rebooted

sound working
virtualbox working
networking is fine

works for me

CC: (none) => brtians1

Comment 6 Guillaume Royer 2024-11-30 17:21:44 CET
MGA X64 GNOME Core I5 16 GB RAM

Updates with RPMs:

firefox                        128.5.0      1.mga9        x86_64  
firefox-fr                     128.5.0      1.mga9        noarch  
lib64nss3                      3.107.0      1.mga9        x86_64  
nss                            3.107.0      1.mga9        x86_64  
rootcerts                      20241119.00  1.mga9        noarch  
rootcerts-java                 20241119.00  1.mga9        noarch  

Tested with:

Element Matrix web client Ok
Bank site Ok 
Netflix Ok
Spotify Ok

CC: (none) => guillaume.royer

Comment 7 Jose Manuel López 2024-11-30 21:25:50 CET
Installed in Mageia x64 Plasma. 

PC: Slimbook ProX14 AMD 5700 H

Works fine for me. I have been working with this version without issues.

Youtube ok.
Banks ok.
Digital certificates ok.
Settings and Spanish translation ok.
Audio and video ok.

CC: (none) => Joselp

Comment 8 Brian Rockwell 2024-12-01 00:29:28 CET
MGA9-64, Xfce, AMD apu

The following 10 packages are going to be installed:

- firefox-128.5.0-1.mga9.x86_64
- firefox-en_CA-128.5.0-1.mga9.noarch
- firefox-en_GB-128.5.0-1.mga9.noarch
- firefox-en_US-128.5.0-1.mga9.noarch
- lib64nss-devel-3.107.0-1.mga9.x86_64
- lib64nss-static-devel-3.107.0-1.mga9.x86_64
- lib64nss3-3.107.0-1.mga9.x86_64
- nss-3.107.0-1.mga9.x86_64
- rootcerts-20241119.00-1.mga9.noarch
- rootcerts-java-20241119.00-1.mga9.noarch

158KB of additional disk space will be used.

===rebooted


email
websites
video work

Comment 9 Thomas Andrews 2024-12-01 23:00:45 CET
MGA9-32 Xfce on Foolishness, my Dell Inspiron 5100, real 32-bit P4 hardware. Tested with the desktop and desktop586 kernels.

No installation issues. Tried a quick test with a few sites. They all worked, eventually, but the hardware wasn't designed to quickly render complex websites. OK within the hardware's limitations.

Comment 10 Thomas Andrews 2024-12-01 23:03:51 CET
I've been using this for several days on 64-bit hardware with no issues, no reports of issues from other testers, and there were no issues with the 32-bit test in comment 9. I think it's good to go.

Validating.

Whiteboard: (none) => MGA9-64-OK MGA9-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 11 Mageia Robot 2024-12-02 18:18:27 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0383.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
