Bug 33897 - Firefox 128.6
Summary: Firefox 128.6
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-01-08 09:28 CET by Nicolas Salguero
Modified: 2025-01-14 02:44 CET

See Also:
Source RPM: firefox, firefox-l10n
CVE: CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240, CVE-2025-0241, CVE-2025-0242, CVE-2025-0243
Status comment:


Description Nicolas Salguero 2025-01-08 09:28:43 CET
Mozilla has released Firefox 128.6 on January 6:
https://www.mozilla.org/en-US/firefox/128.6.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/
Nicolas Salguero 2025-01-08 09:30:17 CET

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240, CVE-2025-0241, CVE-2025-0242, CVE-2025-0243
Severity: normal => major
Source RPM: (none) => firefox, firefox-l10n

Comment 1 Nicolas Salguero 2025-01-08 15:11:52 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237)

Use-after-free when breaking lines in text. (CVE-2025-0238)

Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239)

Compartment mismatch when parsing JavaScript JSON module. (CVE-2025-0240)

Memory corruption when using JavaScript Text Segmentation. (CVE-2025-0241)

Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. (CVE-2025-0242)

Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. (CVE-2025-0243)

References:
https://www.mozilla.org/en-US/firefox/128.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/
========================

Updated packages in core/updates_testing:
========================
firefox-128.6.0-1.mga9
firefox-af-128.6.0-1.mga9
firefox-an-128.6.0-1.mga9
firefox-ar-128.6.0-1.mga9
firefox-ast-128.6.0-1.mga9
firefox-az-128.6.0-1.mga9
firefox-be-128.6.0-1.mga9
firefox-bg-128.6.0-1.mga9
firefox-bn-128.6.0-1.mga9
firefox-br-128.6.0-1.mga9
firefox-bs-128.6.0-1.mga9
firefox-ca-128.6.0-1.mga9
firefox-cs-128.6.0-1.mga9
firefox-cy-128.6.0-1.mga9
firefox-da-128.6.0-1.mga9
firefox-de-128.6.0-1.mga9
firefox-el-128.6.0-1.mga9
firefox-en_CA-128.6.0-1.mga9
firefox-en_GB-128.6.0-1.mga9
firefox-en_US-128.6.0-1.mga9
firefox-eo-128.6.0-1.mga9
firefox-es_AR-128.6.0-1.mga9
firefox-es_CL-128.6.0-1.mga9
firefox-es_ES-128.6.0-1.mga9
firefox-es_MX-128.6.0-1.mga9
firefox-et-128.6.0-1.mga9
firefox-eu-128.6.0-1.mga9
firefox-fa-128.6.0-1.mga9
firefox-ff-128.6.0-1.mga9
firefox-fi-128.6.0-1.mga9
firefox-fr-128.6.0-1.mga9
firefox-fur-128.6.0-1.mga9
firefox-fy_NL-128.6.0-1.mga9
firefox-ga_IE-128.6.0-1.mga9
firefox-gd-128.6.0-1.mga9
firefox-gl-128.6.0-1.mga9
firefox-gu_IN-128.6.0-1.mga9
firefox-he-128.6.0-1.mga9
firefox-hi_IN-128.6.0-1.mga9
firefox-hr-128.6.0-1.mga9
firefox-hsb-128.6.0-1.mga9
firefox-hu-128.6.0-1.mga9
firefox-hy_AM-128.6.0-1.mga9
firefox-ia-128.6.0-1.mga9
firefox-id-128.6.0-1.mga9
firefox-is-128.6.0-1.mga9
firefox-it-128.6.0-1.mga9
firefox-ja-128.6.0-1.mga9
firefox-ka-128.6.0-1.mga9
firefox-kab-128.6.0-1.mga9
firefox-kk-128.6.0-1.mga9
firefox-km-128.6.0-1.mga9
firefox-kn-128.6.0-1.mga9
firefox-ko-128.6.0-1.mga9
firefox-lij-128.6.0-1.mga9
firefox-lt-128.6.0-1.mga9
firefox-lv-128.6.0-1.mga9
firefox-mk-128.6.0-1.mga9
firefox-mr-128.6.0-1.mga9
firefox-ms-128.6.0-1.mga9
firefox-my-128.6.0-1.mga9
firefox-nb_NO-128.6.0-1.mga9
firefox-nl-128.6.0-1.mga9
firefox-nn_NO-128.6.0-1.mga9
firefox-oc-128.6.0-1.mga9
firefox-pa_IN-128.6.0-1.mga9
firefox-pl-128.6.0-1.mga9
firefox-pt_BR-128.6.0-1.mga9
firefox-pt_PT-128.6.0-1.mga9
firefox-ro-128.6.0-1.mga9
firefox-ru-128.6.0-1.mga9
firefox-sc-128.6.0-1.mga9
firefox-si-128.6.0-1.mga9
firefox-sk-128.6.0-1.mga9
firefox-sl-128.6.0-1.mga9
firefox-sq-128.6.0-1.mga9
firefox-sr-128.6.0-1.mga9
firefox-sv_SE-128.6.0-1.mga9
firefox-szl-128.6.0-1.mga9
firefox-ta-128.6.0-1.mga9
firefox-te-128.6.0-1.mga9
firefox-tg-128.6.0-1.mga9
firefox-th-128.6.0-1.mga9
firefox-tl-128.6.0-1.mga9
firefox-tr-128.6.0-1.mga9
firefox-uk-128.6.0-1.mga9
firefox-ur-128.6.0-1.mga9
firefox-uz-128.6.0-1.mga9
firefox-vi-128.6.0-1.mga9
firefox-xh-128.6.0-1.mga9
firefox-zh_CN-128.6.0-1.mga9
firefox-zh_TW-128.6.0-1.mga9

from SRPMS:
firefox-128.6.0-1.mga9.src.rpm
firefox-l10n-128.6.0-1.mga9.src.rpm

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs

katnatek 2025-01-08 17:14:14 CET

Keywords: (none) => advisory

Comment 2 Morgan Leijström 2025-01-08 21:22:17 CET
mga9-64 OK
Plasma, Swedish locale

Intel Core i7 870, GPU: AMD Navi 24 Radeon RX 6400

Closed FF, updated, start again.
Actually rebooted.

Help -> About says "128.6.0esr (64-bitars)", and "mageia - 9.0"

Restored previous tabs, settings kept, localisation OK.
Used banking sites, tax office, shops, video sites.
Saved file from internet, opened and viewed both internet and local pdf and printed to Boomaga, and to network printer.

CC: (none) => fri

Comment 3 Herman Viaene 2025-01-09 11:30:02 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
No problems encountered in my daily use.

CC: (none) => herman.viaene

Comment 4 Jose Manuel López 2025-01-09 16:23:53 CET
Hi.

Installed from testing repos, mga9-x64.

Works fine for me.

Banks ok.
Youtube ok.
Digital certificates ok.
Addons and sync account ok.

From terminal:

[jose@localhost ~]$ firefox
ATTENTION: default value of option mesa_glthread overridden by environment.
[Parent 4337, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-128.6.0/toolkit/xre/nsSigHandlers.cpp:187

(firefox:4337): GLib-GIO-WARNING **: 16:23:02.591: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.


Greetings!

CC: (none) => Joselp

Comment 5 Thomas Andrews 2025-01-10 18:49:08 CET
MGA9-64 Plasma on two machines, one Intel-based desktop, one AMD-based laptop.

No installation issues. Used the desktop all afternoon yesterday and for a couple of hours today, with no issues. Used the laptop for about 90 minutes this morning, also without issues.

CC: (none) => andrewsfarm

Comment 6 Brian Rockwell 2025-01-11 22:37:48 CET
I've installed Firefox and en modules across three different machines.  No issues.

Gnome, Ryzen, Nvidia

The following 4 packages are going to be installed:

- firefox-128.6.0-1.mga9.x86_64
- firefox-en_CA-128.6.0-1.mga9.noarch
- firefox-en_GB-128.6.0-1.mga9.noarch
- firefox-en_US-128.6.0-1.mga9.noarch

84KB of additional disk space will be used.

$ firefox -version
Mozilla Firefox 128.6.0esr


videos play
common sites work
sound works

CC: (none) => brtians1

Comment 7 Brian Rockwell 2025-01-12 03:17:37 CET
MGA9-32, AMD A6-3420M APU with Radeon(tm) HD Graphics, old Laptop

The following 4 packages are going to be installed:

- firefox-128.6.0-1.mga9.i586
- firefox-en_CA-128.6.0-1.mga9.noarch
- firefox-en_GB-128.6.0-1.mga9.noarch
- firefox-en_US-128.6.0-1.mga9.noarch

79KB of additional disk space will be used.

---rebooted

spending time using firefox, etc.  - working
Comment 8 Thomas Andrews 2025-01-12 16:58:54 CET
No reason that I can see to hold this back.

Validating.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update

Comment 9 Mageia Robot 2025-01-14 01:10:39 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0009.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 10 Dan Fandrich 2025-01-14 01:58:53 CET
I lost all my tabs after upgrading from firefox-128.5.0-1.mga9. The normal way of restoring from the sessionstore-backups file by copying to sessionstore.jsonlz4 isn't working. The report in comment #2 is that tabs should be restored, so I hope I'm the only one.

CC: (none) => dan

Comment 11 katnatek 2025-01-14 02:09:37 CET
(In reply to Dan Fandrich from comment #10)
> I lost all my tabs after upgrading from firefox-128.5.0-1.mga9. The
> normal way of restoring from the sessionstore-backups file by copying to
> sessionstore.jsonlz4 isn't working. The report in comment #2 is that tabs
> should be restored, so I hope I'm the only one.

Sometimes Firefox has the bad habit of creating new profiles after updating; did you check if that is your case?
Comment 12 Dan Fandrich 2025-01-14 02:44:06 CET
It doesn't look like it. about:profiles shows only one and there are no new directories in ~/.mozilla/firefox/

I discovered the Tab Session Manager extension that looks like it will make restoring sessions much easier, and was able to restore most of my tabs that way. It's still pretty annoying when Firefox does this, even if it's only once a year or so.
