You know you will get this!

Assignee: bugsquad => nicolas.salguero

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Out-of-bounds access when resolving Promise objects. (CVE-2025-4918)

Out-of-bounds access when optimizing linear sums. (CVE-2025-4919)

References:
https://www.mozilla.org/en-US/firefox/128.10.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_111.html
========================

Updated packages in core/updates_testing:
========================
rootcerts-20250424.00-1.mga9
rootcerts-java-20250424.00-1.mga9

lib(64)nss3-3.111.0-1.mga9
lib(64)nss-devel-3.111.0-1.mga9
lib(64)nss-static-devel-3.111.0-1.mga9
nss-3.111.0-1.mga9
nss-doc-3.111.0-1.mga9

firefox-128.10.1-2.mga9
firefox-af-128.10.1-1.mga10
firefox-an-128.10.1-1.mga10
firefox-ar-128.10.1-1.mga10
firefox-ast-128.10.1-1.mga10
firefox-az-128.10.1-1.mga10
firefox-be-128.10.1-1.mga10
firefox-bg-128.10.1-1.mga10
firefox-bn-128.10.1-1.mga10
firefox-br-128.10.1-1.mga10
firefox-bs-128.10.1-1.mga10
firefox-ca-128.10.1-1.mga10
firefox-cs-128.10.1-1.mga10
firefox-cy-128.10.1-1.mga10
firefox-da-128.10.1-1.mga10
firefox-de-128.10.1-1.mga10
firefox-el-128.10.1-1.mga10
firefox-en_CA-128.10.1-1.mga10
firefox-en_GB-128.10.1-1.mga10
firefox-en_US-128.10.1-1.mga10
firefox-eo-128.10.1-1.mga10
firefox-es_AR-128.10.1-1.mga10
firefox-es_CL-128.10.1-1.mga10
firefox-es_ES-128.10.1-1.mga10
firefox-es_MX-128.10.1-1.mga10
firefox-et-128.10.1-1.mga10
firefox-eu-128.10.1-1.mga10
firefox-fa-128.10.1-1.mga10
firefox-ff-128.10.1-1.mga10
firefox-fi-128.10.1-1.mga10
firefox-fr-128.10.1-1.mga10
firefox-fur-128.10.1-1.mga10
firefox-fy_NL-128.10.1-1.mga10
firefox-ga_IE-128.10.1-1.mga10
firefox-gd-128.10.1-1.mga10
firefox-gl-128.10.1-1.mga10
firefox-gu_IN-128.10.1-1.mga10
firefox-he-128.10.1-1.mga10
firefox-hi_IN-128.10.1-1.mga10
firefox-hr-128.10.1-1.mga10
firefox-hsb-128.10.1-1.mga10
firefox-hu-128.10.1-1.mga10
firefox-hy_AM-128.10.1-1.mga10
firefox-ia-128.10.1-1.mga10
firefox-id-128.10.1-1.mga10
firefox-is-128.10.1-1.mga10
firefox-it-128.10.1-1.mga10
firefox-ja-128.10.1-1.mga10
firefox-ka-128.10.1-1.mga10
firefox-kab-128.10.1-1.mga10
firefox-kk-128.10.1-1.mga10
firefox-km-128.10.1-1.mga10
firefox-kn-128.10.1-1.mga10
firefox-ko-128.10.1-1.mga10
firefox-lij-128.10.1-1.mga10
firefox-lt-128.10.1-1.mga10
firefox-lv-128.10.1-1.mga10
firefox-mk-128.10.1-1.mga10
firefox-mr-128.10.1-1.mga10
firefox-ms-128.10.1-1.mga10
firefox-my-128.10.1-1.mga10
firefox-nb_NO-128.10.1-1.mga10
firefox-nl-128.10.1-1.mga10
firefox-nn_NO-128.10.1-1.mga10
firefox-oc-128.10.1-1.mga10
firefox-pa_IN-128.10.1-1.mga10
firefox-pl-128.10.1-1.mga10
firefox-pt_BR-128.10.1-1.mga10
firefox-pt_PT-128.10.1-1.mga10
firefox-ro-128.10.1-1.mga10
firefox-ru-128.10.1-1.mga10
firefox-sc-128.10.1-1.mga10
firefox-si-128.10.1-1.mga10
firefox-sk-128.10.1-1.mga10
firefox-sl-128.10.1-1.mga10
firefox-sq-128.10.1-1.mga10
firefox-sr-128.10.1-1.mga10
firefox-sv_SE-128.10.1-1.mga10
firefox-szl-128.10.1-1.mga10
firefox-ta-128.10.1-1.mga10
firefox-te-128.10.1-1.mga10
firefox-tg-128.10.1-1.mga10
firefox-th-128.10.1-1.mga10
firefox-tl-128.10.1-1.mga10
firefox-tr-128.10.1-1.mga10
firefox-uk-128.10.1-1.mga10
firefox-ur-128.10.1-1.mga10
firefox-uz-128.10.1-1.mga10
firefox-vi-128.10.1-1.mga10
firefox-xh-128.10.1-1.mga10
firefox-zh_CN-128.10.1-1.mga10
firefox-zh_TW-128.10.1-1.mga10

from SRPMS:
rootcerts-20250424.00-1.mga9.src.rpm
nss-3.111.0-1.mga9.src.rpm
firefox-128.10.1-2.mga9.src.rpm
firefox-l10n-128.10.1-1.mga10.src.rpm

Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 9
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)

(In reply to Nicolas Salguero from comment #2)
Packages for mageia 10 in a mageia 9 bug?

(In reply to katnatek from comment #3)
> (In reply to Nicolas Salguero from comment #2)
> Packages for mageia 10 in a mageia 9 bug?

Sorry, the good ones are *-1.mga9 (wrong copy paste).

mga9-64 OK here on Plasma, X11

Clean update
Swedish localisation
Tabs restored
Settings kept
Various shopping sites, banking sites
Video sites
Downloading
Printing

[morgan@svarten ~]$ inxi -SCG
System:
  Host: svarten.tribun Kernel: 6.6.88-desktop-3.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
CPU:
  Info: quad core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 1200 min/max: 1200/2934 cores: 1: 1200 2: 1200 3: 1200
    4: 1200 5: 1200 6: 1200 7: 1200 8: 1200
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,radeonsi,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 vendor: amd mesa v: 25.0.6 renderer: AMD Radeon RX
    6400 (radeonsi navi24 LLVM 15.0.6 DRM 3.54 6.6.88-desktop-3.mga9)

CC: (none) => fri

MGA9+-64 Plasma Wayland on Compaq H000SB
No installation issues.
Starting this new version afresh, used sites I usually use, no problems detected.

CC: (none) => herman.viaene

MGA9-64, Xfce, Asus Laptop, AMD A6-9225 RADEON R4

The following 11 packages are going to be installed:

- firefox-128.10.1-2.mga9.x86_64
- firefox-en_CA-128.10.1-1.mga9.noarch
- firefox-en_GB-128.10.1-1.mga9.noarch
- firefox-en_US-128.10.1-1.mga9.noarch
- lib64nss-devel-3.111.0-1.mga9.x86_64
- lib64nss-static-devel-3.111.0-1.mga9.x86_64
- lib64nss3-3.111.0-1.mga9.x86_64
- nss-3.111.0-1.mga9.x86_64
- nss-myhostname-253.31-1.mga9.x86_64
- rootcerts-20250424.00-1.mga9.noarch
- rootcerts-java-20250424.00-1.mga9.noarch

2.4KB of additional disk space will be used.

===rebooted

email
websites
video work

CC: (none) => brtians1

MGA9-64 Plasma US English version on two different sets of hardware. No installation issues.

I've been using this for two days now, while waiting for access to Bugzilla. Went to many sites, evn started an online boater safety course, now mandatory to operate a power boat in New York State. Used both with a without an active VPN.

Looks OK here.

CC: (none) => andrewsfarm

MGA9-32, AMD A6-3420M APU with Radeon(tm) HD Graphics, old Laptop

The following 10 packages are going to be installed:

- firefox-128.10.1-2.mga9.i586
- firefox-en_CA-128.10.1-1.mga9.noarch
- firefox-en_GB-128.10.1-1.mga9.noarch
- firefox-en_US-128.10.1-1.mga9.noarch
- glibc-2.36-56.mga9.i586
- libnss3-3.111.0-1.mga9.i586
- nss-3.111.0-1.mga9.i586
- nss-myhostname-253.31-1.mga9.i586
- rootcerts-20250424.00-1.mga9.noarch
- rootcerts-java-20250424.00-1.mga9.noarch

3.4KB of additional disk space will be used.

---rebooted

spending time using firefox, etc.  - working

MGA9-32 Xfce on Foolishness, my Dell Inspiron 5100, P4, 2GB RAM, Radeon RV200 graphics, even older laptop.

No installation issues. Tried a few sites, no issues within the limitations of the hardware. Complex pages slow to render, videos buffer, that sort of thing. Probably would be better if connected via Ethernet rather than wifi.

Hi, update in Mga x64 Plasma Kde.

No issues for now.

Youtube ok.
Digital certificates ok.
Audio and video ok.
Addons and settings ok.
Spanish language ok.
Banks ok.

Greetings!

CC: (none) => Joselp

Firefox update seems fine.
I had to reinstall Citrix Workspace, but worked OK after that reinstall

CC: (none) => tablackwell

Validating.

Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0165.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED