Bug 34153 - Firefox 128.9
Summary: Firefox 128.9
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK, MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 34155
Reported: 2025-04-01 16:27 CEST by Nicolas Salguero
Modified: 2025-04-05 20:47 CEST

See Also:
Source RPM: nss, firefox, firefox-l10n
CVE: CVE-2025-3028, CVE-2025-3029, CVE-2025-3030
Status comment:


Description Nicolas Salguero 2025-04-01 16:27:52 CEST
Mozilla has released NSS 3.110 on March 28:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_110.html

Mozilla has released Firefox 128.9 on April 1:
https://www.mozilla.org/en-US/firefox/128.9.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/

Nicolas Salguero 2025-04-01 16:29:05 CEST

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => nss, firefox, firefox-l10n
CVE: (none) => CVE-2025-3028, CVE-2025-3029, CVE-2025-3030

Nicolas Salguero 2025-04-02 09:17:37 CEST

Blocks: (none) => 34155

Comment 1 Nicolas Salguero 2025-04-02 09:28:38 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Use-after-free triggered by XSLTProcessor. (CVE-2025-3028)

URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029)

Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030)

References:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_110.html
https://www.mozilla.org/en-US/firefox/128.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/
========================

Updated packages in core/updates_testing:
========================
firefox-128.9.0-1.mga9
firefox-af-128.9.0-1.mga9
firefox-an-128.9.0-1.mga9
firefox-ar-128.9.0-1.mga9
firefox-ast-128.9.0-1.mga9
firefox-az-128.9.0-1.mga9
firefox-be-128.9.0-1.mga9
firefox-bg-128.9.0-1.mga9
firefox-bn-128.9.0-1.mga9
firefox-br-128.9.0-1.mga9
firefox-bs-128.9.0-1.mga9
firefox-ca-128.9.0-1.mga9
firefox-cs-128.9.0-1.mga9
firefox-cy-128.9.0-1.mga9
firefox-da-128.9.0-1.mga9
firefox-de-128.9.0-1.mga9
firefox-el-128.9.0-1.mga9
firefox-en_CA-128.9.0-1.mga9
firefox-en_GB-128.9.0-1.mga9
firefox-en_US-128.9.0-1.mga9
firefox-eo-128.9.0-1.mga9
firefox-es_AR-128.9.0-1.mga9
firefox-es_CL-128.9.0-1.mga9
firefox-es_ES-128.9.0-1.mga9
firefox-es_MX-128.9.0-1.mga9
firefox-et-128.9.0-1.mga9
firefox-eu-128.9.0-1.mga9
firefox-fa-128.9.0-1.mga9
firefox-ff-128.9.0-1.mga9
firefox-fi-128.9.0-1.mga9
firefox-fr-128.9.0-1.mga9
firefox-fur-128.9.0-1.mga9
firefox-fy_NL-128.9.0-1.mga9
firefox-ga_IE-128.9.0-1.mga9
firefox-gd-128.9.0-1.mga9
firefox-gl-128.9.0-1.mga9
firefox-gu_IN-128.9.0-1.mga9
firefox-he-128.9.0-1.mga9
firefox-hi_IN-128.9.0-1.mga9
firefox-hr-128.9.0-1.mga9
firefox-hsb-128.9.0-1.mga9
firefox-hu-128.9.0-1.mga9
firefox-hy_AM-128.9.0-1.mga9
firefox-ia-128.9.0-1.mga9
firefox-id-128.9.0-1.mga9
firefox-is-128.9.0-1.mga9
firefox-it-128.9.0-1.mga9
firefox-ja-128.9.0-1.mga9
firefox-ka-128.9.0-1.mga9
firefox-kab-128.9.0-1.mga9
firefox-kk-128.9.0-1.mga9
firefox-km-128.9.0-1.mga9
firefox-kn-128.9.0-1.mga9
firefox-ko-128.9.0-1.mga9
firefox-lij-128.9.0-1.mga9
firefox-lt-128.9.0-1.mga9
firefox-lv-128.9.0-1.mga9
firefox-mk-128.9.0-1.mga9
firefox-mr-128.9.0-1.mga9
firefox-ms-128.9.0-1.mga9
firefox-my-128.9.0-1.mga9
firefox-nb_NO-128.9.0-1.mga9
firefox-nl-128.9.0-1.mga9
firefox-nn_NO-128.9.0-1.mga9
firefox-oc-128.9.0-1.mga9
firefox-pa_IN-128.9.0-1.mga9
firefox-pl-128.9.0-1.mga9
firefox-pt_BR-128.9.0-1.mga9
firefox-pt_PT-128.9.0-1.mga9
firefox-ro-128.9.0-1.mga9
firefox-ru-128.9.0-1.mga9
firefox-sc-128.9.0-1.mga9
firefox-si-128.9.0-1.mga9
firefox-sk-128.9.0-1.mga9
firefox-sl-128.9.0-1.mga9
firefox-sq-128.9.0-1.mga9
firefox-sr-128.9.0-1.mga9
firefox-sv_SE-128.9.0-1.mga9
firefox-szl-128.9.0-1.mga9
firefox-ta-128.9.0-1.mga9
firefox-te-128.9.0-1.mga9
firefox-tg-128.9.0-1.mga9
firefox-th-128.9.0-1.mga9
firefox-tl-128.9.0-1.mga9
firefox-tr-128.9.0-1.mga9
firefox-uk-128.9.0-1.mga9
firefox-ur-128.9.0-1.mga9
firefox-uz-128.9.0-1.mga9
firefox-vi-128.9.0-1.mga9
firefox-xh-128.9.0-1.mga9
firefox-zh_CN-128.9.0-1.mga9
firefox-zh_TW-128.9.0-1.mga9

lib(64)nss-devel-3.110.0-1.mga9
lib(64)nss-static-devel-3.110.0-1.mga9
lib(64)nss3-3.110.0-1.mga9
nss-3.110.0-1.mga9
nss-doc-3.110.0-1.mga9

SRPM:
firefox-128.9.0-1.mga9.src.rpm
firefox-l10n-128.9.0-1.mga9.src.rpm
nss-3.110.0-1.mga9.src.rpm

Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Comment 2 Jose Manuel López 2025-04-02 17:04:29 CEST
Hi, installed in mga9-x86_64 AMD Ryzen 4800H. No issues for now.

Banks ok.
Audio and video ok.
Spanish translation ok.
Addons ok.


Greetings!

CC: (none) => Joselp

katnatek 2025-04-02 17:51:12 CEST

Keywords: (none) => advisory

Comment 3 Thomas Andrews 2025-04-02 23:43:01 CEST
MGA9-64 Plasma X11. Updated US English version, with no installation issues.

I've been using it all afternoon, YouTube, Facebook, Amazon, Madb, Bugzilla, etc. No issues to report. Activated a VPN, and some sites, like Amazon, refuse to work, but that's normal.

Looks good here.

CC: (none) => andrewsfarm

Comment 4 Thomas Andrews 2025-04-02 23:47:06 CEST
I meant to say that some sites either refuse to work or do not fully work with an active VPN, but that's normal.

Comment 5 Brian Rockwell 2025-04-03 18:56:57 CEST
MGA9-32, AMD A6-3420M APU with Radeon(tm) HD Graphics, old Laptop

The following 6 packages are going to be installed:

- firefox-128.9.0-1.mga9.i586
- firefox-en_CA-128.9.0-1.mga9.noarch
- firefox-en_GB-128.9.0-1.mga9.noarch
- firefox-en_US-128.9.0-1.mga9.noarch
- libnss3-3.110.0-1.mga9.i586
- nss-3.110.0-1.mga9.i586

82KB of additional disk space will be used.

---rebooted

spending time using firefox, etc.  - working

CC: (none) => brtians1

Comment 6 Morgan Leijström 2025-04-04 19:50:49 CEST
OK mga9-64 on my workstation svarten
Plasma X11, Intel CPU, AMD GPU

Restored previous tabs, settings kept, Swedish localisation OK.

Used banking sites, tax office, shops, video sites, 

Syncthing local WebUI

Nextcloud server over internet web UI browsing uploading, downloading.

app.element.io, facebook, Mageia bugzilla

saved file, opened-viewed-printed pdf to network printer using both built-in and system printer dialogue.

CC: (none) => fri

Comment 7 Brian Rockwell 2025-04-04 20:54:08 CEST
MGA9-64, Xfce, Asus Laptop, AMD A6-9225 RADEON R4


The following 8 packages are going to be installed:

- firefox-128.9.0-1.mga9.x86_64
- firefox-en_CA-128.9.0-1.mga9.noarch
- firefox-en_GB-128.9.0-1.mga9.noarch
- firefox-en_US-128.9.0-1.mga9.noarch
- lib64nss-devel-3.110.0-1.mga9.x86_64
- lib64nss-static-devel-3.110.0-1.mga9.x86_64
- lib64nss3-3.110.0-1.mga9.x86_64
- nss-3.110.0-1.mga9.x86_64
62KB of additional disk space will be used.

===rebooted

$ firefox -version
Mozilla Firefox 128.9.0esr


email
websites
video work

Comment 8 Herman Viaene 2025-04-05 11:24:19 CEST
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues
Tested various contents, including own internal webserver in LAN. All works OK.

CC: (none) => herman.viaene

Comment 9 Len Lawrence 2025-04-05 17:04:50 CEST
mga9, x64
ASUS/AMD hardware
Firefox has been running well for a couple of days now.
YouTube videos, IRC channels, checking bank accounts and making payments online, organising bookmarks, madb, search, reading journals and newsprint, printing Wordle statistics....

No problems

CC: (none) => tarazed25

Comment 10 Morgan Leijström 2025-04-05 18:40:09 CEST
Seems good to go

Whiteboard: (none) => MGA9-64-OK, MGA9-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 11 Mageia Robot 2025-04-05 20:47:50 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0125.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

