Bug 34064 - Firefox 128.8
Summary: Firefox 128.8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 34065
  Show dependency treegraph
 
Reported: 2025-03-05 09:58 CET by Nicolas Salguero
Modified: 2025-03-12 08:00 CET (History)
8 users (show)

See Also:
Source RPM: firefox, firefox-l10n, nss
CVE: CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1938
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-03-05 09:58:48 CET 
Mozilla has released NSS 3.109 on February 28:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_109.html

Mozilla has released Firefox 128.7 on March 4:
https://www.mozilla.org/en-US/firefox/128.8.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
Nicolas Salguero 2025-03-05 10:01:26 CET

Whiteboard: (none) => MGA9TOO
Severity: normal => critical
Source RPM: (none) => firefox, firefox-l10n, nss
CVE: (none) => CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1938

Nicolas Salguero 2025-03-05 10:03:24 CET

Blocks: (none) => 34065

Nicolas Salguero 2025-03-05 17:08:03 CET

Assignee: bugsquad => nicolas.salguero

Comment 1 Morgan Leijström 2025-03-07 11:09:25 CET 
I see Firefox and Thunderbird built yesterday for mga9, only failing for armv7hl.

Should QA start testing x86_64 and i586?

CC: (none) => fri

Comment 2 Nicolas Salguero 2025-03-07 11:54:27 CET 
Hi,

I think you can start testing them.  I did not send them to QA because, for the moment, they are not built for Cauldron (firefox is currently building and, after that, I will send thunderbird to the BS).

Best regards,
Comment 3 Morgan Leijström 2025-03-07 14:09:25 CET 
Being security updates, I think we should not delay testing. 

When built for Cauldron please change this bug to mga9.

CC: (none) => nicolas.salguero
Assignee: nicolas.salguero => qa-bugs

Comment 4 Jose Manuel López 2025-03-07 15:30:18 CET 
Hi.

Installed in mga9-x64. Works fine for me.

Banks ok.
Spanish ok.
Settings and addons ok.
Sync ok.
Youtube, audio and video ok.

From terminal:

[jose@localhost ~]$ firefox
ATTENTION: default value of option mesa_glthread overridden by environment.
[Parent 11625, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/firefox-128.8.0/toolkit/xre/nsSigHandlers.cpp:187

(firefox:11625): GLib-GIO-WARNING **: 15:29:29.870: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.

CC: (none) => Joselp

Comment 5 katnatek 2025-03-07 17:40:28 CET Comment hidden (obsolete)

Keywords: (none) => advisory

Comment 6 katnatek 2025-03-07 21:07:50 CET 
I mention before that I hate to do this by hand? ;)

List of packages

firefox-128.8.0-1.mga9
firefox-af-128.8.0-1.mga9
firefox-an-128.8.0-1.mga9
firefox-ar-128.8.0-1.mga9
firefox-ast-128.8.0-1.mga9
firefox-az-128.8.0-1.mga9
firefox-be-128.8.0-1.mga9
firefox-bg-128.8.0-1.mga9
firefox-bn-128.8.0-1.mga9
firefox-br-128.8.0-1.mga9
firefox-bs-128.8.0-1.mga9
firefox-ca-128.8.0-1.mga9
firefox-cs-128.8.0-1.mga9
firefox-cy-128.8.0-1.mga9
firefox-da-128.8.0-1.mga9
firefox-de-128.8.0-1.mga9
firefox-el-128.8.0-1.mga9
firefox-en_CA-128.8.0-1.mga9
firefox-en_GB-128.8.0-1.mga9
firefox-en_US-128.8.0-1.mga9
firefox-eo-128.8.0-1.mga9
firefox-es_AR-128.8.0-1.mga9
firefox-es_CL-128.8.0-1.mga9
firefox-es_ES-128.8.0-1.mga9
firefox-es_MX-128.8.0-1.mga9
firefox-et-128.8.0-1.mga9
firefox-eu-128.8.0-1.mga9
firefox-fa-128.8.0-1.mga9
firefox-ff-128.8.0-1.mga9
firefox-fi-128.8.0-1.mga9
firefox-fr-128.8.0-1.mga9
firefox-fur-128.8.0-1.mga9
firefox-fy_NL-128.8.0-1.mga9
firefox-ga_IE-128.8.0-1.mga9
firefox-gd-128.8.0-1.mga9
firefox-gl-128.8.0-1.mga9
firefox-gu_IN-128.8.0-1.mga9
firefox-he-128.8.0-1.mga9
firefox-hi_IN-128.8.0-1.mga9
firefox-hr-128.8.0-1.mga9
firefox-hsb-128.8.0-1.mga9
firefox-hu-128.8.0-1.mga9
firefox-hy_AM-128.8.0-1.mga9
firefox-ia-128.8.0-1.mga9
firefox-id-128.8.0-1.mga9
firefox-is-128.8.0-1.mga9
firefox-it-128.8.0-1.mga9
firefox-ja-128.8.0-1.mga9
firefox-ka-128.8.0-1.mga9
firefox-kab-128.8.0-1.mga9
firefox-kk-128.8.0-1.mga9
firefox-km-128.8.0-1.mga9
firefox-kn-128.8.0-1.mga9
firefox-ko-128.8.0-1.mga9
firefox-lij-128.8.0-1.mga9
firefox-lt-128.8.0-1.mga9
firefox-lv-128.8.0-1.mga9
firefox-mk-128.8.0-1.mga9
firefox-mr-128.8.0-1.mga9
firefox-ms-128.8.0-1.mga9
firefox-my-128.8.0-1.mga9
firefox-nb_NO-128.8.0-1.mga9
firefox-nl-128.8.0-1.mga9
firefox-nn_NO-128.8.0-1.mga9
firefox-oc-128.8.0-1.mga9
firefox-pa_IN-128.8.0-1.mga9
firefox-pl-128.8.0-1.mga9
firefox-pt_BR-128.8.0-1.mga9
firefox-pt_PT-128.8.0-1.mga9
firefox-ro-128.8.0-1.mga9
firefox-ru-128.8.0-1.mga9
firefox-sc-128.8.0-1.mga9
firefox-si-128.8.0-1.mga9
firefox-sk-128.8.0-1.mga9
firefox-sl-128.8.0-1.mga9
firefox-sq-128.8.0-1.mga9
firefox-sr-128.8.0-1.mga9
firefox-sv_SE-128.8.0-1.mga9
firefox-szl-128.8.0-1.mga9
firefox-ta-128.8.0-1.mga9
firefox-te-128.8.0-1.mga9
firefox-tg-128.8.0-1.mga9
firefox-th-128.8.0-1.mga9
firefox-tl-128.8.0-1.mga9
firefox-tr-128.8.0-1.mga9
firefox-uk-128.8.0-1.mga9
firefox-ur-128.8.0-1.mga9
firefox-uz-128.8.0-1.mga9
firefox-vi-128.8.0-1.mga9
firefox-xh-128.8.0-1.mga9
firefox-zh_CN-128.8.0-1.mga9
firefox-zh_TW-128.8.0-1.mga9

lib(64)nss-devel-3.109.0-1.mga9
lib(64)nss-static-devel-3.109.0-1.mga9
lib(64)nss3-3.109.0-1.mga9
nss-3.109.0-1.mga9
nss-doc-3.109.0-1.mga9



SRPM:
firefox-128.8.0-1.mga9.src.rpm
firefox-l10n-128.8.0-1.mga9.src.rpm
nss-3.109.0-1.mga9.src.rpm
Comment 7 Herman Viaene 2025-03-08 11:21:32 CET 
@katnatek
No, you didn't mention it, but you do me (and others?) a big favor.

CC: (none) => herman.viaene

Comment 8 Herman Viaene 2025-03-08 11:47:35 CET 
MGA9-64 Plasma Wayland on Compaq H000SB
No onstallation issues.
Newspaper website with text and video, youtube playing Brahms, all work OK.
Comment 9 Thomas Andrews 2025-03-08 13:31:38 CET 
@Morgan: Aren't Firefox updates pretty much always security updates?

CC: (none) => andrewsfarm

Comment 10 Brian Rockwell 2025-03-09 01:45:48 CET 
MGA9-32, AMD A6-3420M APU with Radeon(tm) HD Graphics, old Laptop

The following 6 packages are going to be installed:

- firefox-128.8.0-1.mga9.i586
- firefox-en_CA-128.8.0-1.mga9.noarch
- firefox-en_GB-128.8.0-1.mga9.noarch
- firefox-en_US-128.8.0-1.mga9.noarch
- libnss3-3.109.0-1.mga9.i586
- nss-3.109.0-1.mga9.i586

15KB of disk space will be freed.

---rebooted

spending time using firefox, etc.  - working

CC: (none) => brtians1

Comment 11 Thomas Andrews 2025-03-09 18:48:21 CET 
MGA9-64 Plasma, on two very different machines. No installation issues.

Using it for a day and a half now for normal browsing activities, with no issues.
Nicolas Salguero 2025-03-10 09:27:25 CET

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

Comment 12 Len Lawrence 2025-03-10 17:24:45 CET 
mga9, x86_64, Mate X11
Intel Core i7-1260P, Intel Alder Lake-P Integrated Graphics driver: i915

Restored previous session after relaunch.  All bookmarks work.  Visited favourite sites.  Command-line Youtube link started video in Firefox - sound and vision working fine.  Online banking works, downloads OK.  Interactive local bus route map OK.

No problems.

CC: (none) => tarazed25

Comment 13 Morgan Leijström 2025-03-10 21:21:32 CET 
mag9-64 OK here
Plasma, AMD GPU

Various shops, banking, video, pdf view and print.

Swedish localisation. Tabs and settings preserved.


---

(In reply to Thomas Andrews from comment #9)
> @Morgan: Aren't Firefox updates pretty much always security updates?

Yes.  And I set it to QA without waiting for it to build on Cauldron so we can start testing without unnecessary delay.
Comment 14 Thomas Andrews 2025-03-11 23:27:26 CET 
MGA9-32 Xfce on Foolishness, my Dell Inspiron 5100. No installation issues, and no issues to report. Sites are slow to load and render compared to my newer hardware, but that is nothing new. I put it to a combination of a slow wifi adapter, coupled with an old P4 and antiquated gpu.

No issues with several tests, time to let this go. Validating the update.

Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 15 Mageia Robot 2025-03-12 08:00:54 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0092.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.