Bug 34637 - Firefox 140.4
Summary: Firefox 140.4
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: High major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on: 34500
Blocks: 34638
  Show dependency treegraph
 
Reported: 2025-09-17 09:38 CEST by Nicolas Salguero
Modified: 2025-10-23 21:38 CEST (History)
10 users (show)

See Also:
Source RPM: rootcerts, nss, firefox, firefox-l10n
CVE: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537
Status comment: Packages in comment 46

Attachments
Element doesn't support your browser (125.07 KB, image/png)
2025-10-14 10:28 CEST, Jose Manuel López 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-09-17 09:38:37 CEST 
Mozilla has released NSS 3.116 on September 11:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_116.html

Mozilla has released Firefox 140.3 on September 16:
https://www.firefox.com/en-US/firefox/140.3.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/
Nicolas Salguero 2025-09-17 09:40:34 CEST

Source RPM: (none) => nss, firefox, firefox-l10n
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537

Nicolas Salguero 2025-09-17 09:45:42 CEST

Blocks: (none) => 34638

Comment 1 Nicolas Salguero 2025-10-07 15:59:32 CEST 
Mozilla has released NSS 3.117 on October 3:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_117.html

Mozilla has released Firefox 140.3.1 on September 23:
https://www.firefox.com/en-US/firefox/140.3.1/releasenotes/
Morgan Leijström 2025-10-07 16:58:24 CEST

CC: (none) => fri

Comment 2 Nicolas Salguero 2025-10-07 17:33:04 CEST 
rootcerts must be updated to 2025-10-03.

Source RPM: nss, firefox, firefox-l10n => rootcerts, nss, firefox, firefox-l10n

Comment 3 Marja Van Waes 2025-10-07 19:13:43 CEST 
Assigning to all, since there is no registered maintainer.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Nicolas Salguero 2025-10-08 08:14:34 CEST

Summary: Firefox 140.3 => Firefox 140.3.1

Comment 4 Nicolas Salguero 2025-10-08 10:55:11 CEST 
Firefox 140 needs at least rust 1.82 and Mageia 9 only has version 1.80.

To be able to build Firefox 140, rust 1.82 has to be built for Mageia 9.
Marja Van Waes 2025-10-08 11:19:50 CEST

Depends on: (none) => 34500

Comment 5 Nicolas Salguero 2025-10-09 08:50:57 CEST Comment hidden (obsolete)
Comment 6 i mek 2025-10-10 21:52:12 CEST 
I'm afraid if I was a newcomer I'd run away at the sight of Firefox 128.X.Y (I realize that in reality the available one is just one fixing-of-security-vulnerabilities old), so please try releasing 140+ before October 14 or try convincing newcomers that Firefox ESR 128.X.Yesr is not as old as it seems (keeping them attracted for long enough may be essential to it), or that the best they can do is installing Firefox with Flatpak (or the like).

CC: (none) => imek5

Comment 7 Jose Manuel López 2025-10-13 11:23:22 CEST 
In response to comment 6, the problem is that our Firefox ESR has already been EOL since September 16 (already a month ago), and with no apparent update solution in Mageia 9. 

I am not a developer and I understand the effort that this may entail, but I would also understand that the user who has just installed Mageia 9 and updates does not spend too much time looking at our catalog of applications, with very old versions in the case of some of them... For example, Libreoffice has also been EOL in Mageia 9 since June of this year.

CC: (none) => Joselp

Comment 8 i mek 2025-10-13 22:24:43 CEST 
In reply to comment 7:
For me (maybe I'm not a representative user) the internet browser is a special application since it's a mean of access to some secrets. The same goes for other security related matters. However I don't mind that much if eg. an office suite isn't up to date, as long as it serves its purposes well and doesn't lack features I'm looking for.

Besides, I think it's not a proper place for such discussion, so I suggest to post the next messages (if any) on the forum or using an IM (incl. IRC), or via e-mail.
Comment 9 Jose Manuel López 2025-10-14 08:53:17 CEST 
I already reported it on the mailing lists too. I agree that an office suite can "keep working", but it depends on whether it complies with the updated security fixes, apart from the fact that as you mentioned you will not get the functionalities and improvements of the new stable version. 

And we will all agree that when a version is EOL, it stops receiving even security fixes....
Comment 10 Nicolas Salguero 2025-10-14 09:05:20 CEST 
(In reply to Jose Manuel López from comment #9)
> And we will all agree that when a version is EOL, it stops receiving even
> security fixes....

For libreoffice, it is not the fact as it is possible to find patches from other distributions, like Debian for instance, or backport patches.
Comment 11 Jose Manuel López 2025-10-14 10:28:14 CEST 
Created attachment 15138 [details]
Element doesn't support your browser

In what proportion is it better to search for patches than to package the new version?

In the case of Firefox, I tried to connect to Element web today, and it tells me that the browser is no longer compatible, sending me to its website on github, where they explain that it is compatible with the last two versions of all the indicated browsers.

I attach a screenshot of the warning and how Element is displayed now, if it gets to be shown because it has cost me to refresh the page several times.
Comment 12 Nicolas Salguero 2025-10-14 10:40:57 CEST 
(In reply to Jose Manuel López from comment #11)
> In what proportion is it better to search for patches than to package the
> new version?

When a fix for a security issue is available and adding that fix is easier than packaging a new version because, for example, that new version needs some libraries that are not packaged yet.  It is often the case for libreoffice.

Sadly, it is never possible for Firefox as upstream does not provide information about which commits solve a security issue.
Comment 13 Nicolas Salguero 2025-10-15 11:57:30 CEST 
Mozilla has released Firefox 140.4 on October 14:
https://www.firefox.com/en-US/firefox/140.4.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/

Summary: Firefox 140.3.1 => Firefox 140.4

Comment 14 katnatek 2025-10-17 19:09:34 CEST 
I get this error 
 0:16.84 ERROR: cbindgen version 0.26.0 is too old. At least version 0.27.0 is required.
 0:16.84 Please update using 'cargo install cbindgen --force' or running
 0:16.84 './mach bootstrap', after removing the existing executable located at
 0:16.84 /usr/bin/cbindgen.
 0:16.89 W Exception when writing resource usage file: [Errno 2] No such file or directory: '/builddir/build/BUILD/firefox-140.4.0/objdir/.mozbuild/profile_build_resources.json'
 Config object not found by mach.

So we need to update cbngen or use a bundled version
Comment 15 katnatek 2025-10-17 20:01:07 CEST 
The cbindgen-vendor.tar.xz need to be updated here or for build rust-cbindgen 0.27.0
Comment 16 katnatek 2025-10-17 21:01:51 CEST 
Making a test build of rust-cbindgen 0.27.0
Comment 17 katnatek 2025-10-17 22:25:28 CEST 
I have to disable the check step, making a build of firefox for 64b to test
before send to BS
Comment 18 katnatek 2025-10-17 22:38:59 CEST 
Common give me a break :P
 0:06.81 checking for icu-uc icu-i18n >= 76.1... no
 0:06.81 ERROR: Package dependency requirement 'icu-i18n >= 76.1' could not be satisfied.
 0:06.81 ERROR: Package 'icu-i18n' has version '73.2', required version is '>= 76.1'

I not yet end rebuild for icu73 and now this :S
katnatek 2025-10-17 22:41:05 CEST

Source RPM: rootcerts, nss, firefox, firefox-l10n => rootcerts, nss, firefox, firefox-l10n,rust-cbindgen

Comment 19 katnatek 2025-10-17 23:42:54 CEST 
Using bundled icu now
 0:13.13 checking for libpng >= 1.6.45... no
 0:13.13 ERROR: Package dependency requirement 'libpng >= 1.6.45' could not be satisfied.
 0:13.13 ERROR: Package 'libpng' has version '1.6.38', required version is '>= 1.6.45'
 0:13.18 W Exception when writing resource usage file: [Errno 2] No such file or directory: '/builddir/build/BUILD/firefox-140.4.0/objdir/.mozbuild/profile_build_resources.json'
 Config object not found by mach.
*** Fix above errors and then restart with "./mach build"
Comment 20 katnatek 2025-10-18 00:03:19 CEST Comment hidden (obsolete)
Comment 21 katnatek 2025-10-18 03:31:40 CEST 
Use bundle icu and --without-system-png builds just for i586, I''ll test if build with rust 1.83 makes a diferen if not I'll reduced debuginfo in 64bit arches too
katnatek 2025-10-18 04:43:28 CEST

Priority: Normal => High
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Comment 22 katnatek 2025-10-18 19:01:55 CEST 
Trying disabling rust debug info for all architectures.
Comment 23 katnatek 2025-10-19 00:13:49 CEST 
Sending the build to BS, I think we should not update system icu or png libs for the moment
Comment 24 katnatek 2025-10-19 00:39:31 CEST 
I send to build firefoz-l10n, and make the equivalent changes in thunderbird, please Nicolas send you the thunderbird pack when you feel right
Comment 25 katnatek 2025-10-19 01:09:34 CEST 
And it have to fail for armv7hl
39:23.90 error: failed to mmap file '/home/iurt/rpmbuild/BUILD/firefox-140.4.0/objdir/armv7-unknown-linux-gnueabihf/release/deps/libstyle-b59e6e26cf61c8e9.rlib': Cannot allocate memory (os error 12)
Comment 26 katnatek 2025-10-19 07:44:07 CEST Comment hidden (obsolete)

Assignee: pkg-bugs => qa-bugs

Comment 27 Thomas Andrews 2025-10-19 14:13:14 CEST 
MGA9-64 Plasma. No installation issues. Only a brief preliminary check so far, but no issues to report.

CC: (none) => andrewsfarm

Comment 28 katnatek 2025-10-20 01:25:15 CEST Comment hidden (obsolete)

Status comment: (none) => Packages in comment 28

katnatek 2025-10-20 01:52:16 CEST

Keywords: (none) => advisory

Comment 29 Jose Manuel López 2025-10-20 08:44:00 CEST 
Updated right now. Works fine for me.

Banks ok.
Digital certificates ok.
Youtube, audio and video ok.
Autofirma ok.
Settings and addons ok.
Spanish translations ok.

Great work guys, my congratulatios for all!!
Comment 30 Herman Viaene 2025-10-20 11:38:27 CEST 
Sorry, the following package cannot be selected:

- rust-cbindgen+clap-devel-0.27.0-1.mga9.noarch (due to unsatisfied crate(clap/default)[>= 4.3.0])

CC: (none) => herman.viaene

Comment 31 Brian Rockwell 2025-10-20 17:17:55 CEST 
MGA9-64, Xfce, core i7 M620, Nvidia GT218M (nouveau) 

The following 10 packages are going to be installed:

- firefox-140.4.0-1.1.mga9.x86_64
- firefox-en_CA-140.4.0-1.mga9.noarch
- firefox-en_GB-140.4.0-1.mga9.noarch
- firefox-en_US-140.4.0-1.mga9.noarch
- lib64nss3-3.117.0-1.mga9.x86_64
- lib64openssl3-3.0.18-1.mga9.x86_64
- nss-3.117.0-1.mga9.x86_64
- openssl-3.0.18-1.mga9.x86_64
- rootcerts-20251003.00-1.mga9.noarch
- rootcerts-java-20251003.00-1.mga9.noarch

excluded rust libraries as that didn't make sense to install with firefox.

39MB of additional disk space will be used.

$ firefox -v
Mozilla Firefox 140.4.0esr


spending a few hours using it.  No issues

CC: (none) => brtians1

Comment 32 Herman Viaene 2025-10-20 17:34:18 CEST 
Took Brian's lead and installed firefox and nss-stuff and rootcerts.
Restarted firefox after installation and all looks OK.
So, what to do with the rust???
Comment 33 Brian Rockwell 2025-10-20 17:53:15 CEST 
I usually sand it off and paint it with Rustoleum ... personally.

Seems like this should have been part of rust testing.
Comment 34 katnatek 2025-10-20 18:31:44 CEST 
(In reply to Herman Viaene from comment #32)
> Took Brian's lead and installed firefox and nss-stuff and rootcerts.
> Restarted firefox after installation and all looks OK.
> So, what to do with the rust???
I'll fix the error you report, thank you for that test, cbindgen for rust-cbindgen is a buildrequire so not other test that right installation of packages is really needed as cbindgen makes its work on the firefox/thunderbird build process
Comment 35 Jani Välimaa 2025-10-20 20:23:29 CEST 
(In reply to katnatek from comment #34)
> (In reply to Herman Viaene from comment #32)
> > Took Brian's lead and installed firefox and nss-stuff and rootcerts.
> > Restarted firefox after installation and all looks OK.
> > So, what to do with the rust???
> I'll fix the error you report, thank you for that test, cbindgen for
> rust-cbindgen is a buildrequire so not other test that right installation of
> packages is really needed as cbindgen makes its work on the
> firefox/thunderbird build process

Instead of fixing the dep issue in rust-cbindgen+clippy-devel it was only hidden. Since when it's been OK to update pkgs and leave them in broken state on purpose?

CC: (none) => jani.valimaa

Comment 36 katnatek 2025-10-20 20:29:45 CEST 
(In reply to Jani Välimaa from comment #35)
> (In reply to katnatek from comment #34)
> > (In reply to Herman Viaene from comment #32)
> > > Took Brian's lead and installed firefox and nss-stuff and rootcerts.
> > > Restarted firefox after installation and all looks OK.
> > > So, what to do with the rust???
> > I'll fix the error you report, thank you for that test, cbindgen for
> > rust-cbindgen is a buildrequire so not other test that right installation of
> > packages is really needed as cbindgen makes its work on the
> > firefox/thunderbird build process
> 
> Instead of fixing the dep issue in rust-cbindgen+clippy-devel it was only
> hidden. Since when it's been OK to update pkgs and leave them in broken
> state on purpose?

I was about to write a mail about the theme, some of the required crates are part of the vendor sources, so I don't know how to handle that, I manage just the internal requirements, so my best guest is I must include the unpacked vendor source in some place but I not see any other package that did this, other solution could be a hell as require to update and maybe import other crates.
Comment 37 katnatek 2025-10-20 20:36:19 CEST 
(In reply to Jani Välimaa from comment #35)
> > (In reply to katnatek from comment #34)
> > > (In reply to Herman Viaene from comment #32)
> > > > Took Brian's lead and installed firefox and nss-stuff and rootcerts.
> > > > Restarted firefox after installation and all looks OK.
> > > > So, what to do with the rust???
> > > I'll fix the error you report, thank you for that test, cbindgen for
> > > rust-cbindgen is a buildrequire so not other test that right installation of
> > > packages is really needed as cbindgen makes its work on the
> > > firefox/thunderbird build process
> > 
> > Instead of fixing the dep issue in rust-cbindgen+clippy-devel it was only
> > hidden. Since when it's been OK to update pkgs and leave them in broken
> > state on purpose?
>
(In reply to katnatek from comment #36) 
> I was about to write a mail about the theme, some of the required crates are
> part of the vendor sources, so I don't know how to handle that, I manage
> just the internal requirements, so my best guest is I must include the
> unpacked vendor source in some place but I not see any other package that
> did this, other solution could be a hell as require to update and maybe
> import other crates.
So please give me a suggestion other alternative could be just generate the cbingen package as is the only really required to build firefox/thunderbird
Comment 38 katnatek 2025-10-20 21:11:55 CEST Comment hidden (obsolete)
Comment 39 katnatek 2025-10-20 21:20:48 CEST 
Also we can make firefox/thubderbird make use of the bundled cbindgen but is not recommended in the spec file 
Let me know what do you think is the best solution
Comment 40 katnatek 2025-10-20 21:31:19 CEST 
(In reply to katnatek from comment #39)
> Also we can make firefox/thubderbird make use of the bundled cbindgen but is
> not recommended in the spec file 
> Let me know what do you think is the best solution

Making a build test to see if time limit could need some adjust
Comment 41 Jani Välimaa 2025-10-20 21:43:15 CEST 
(In reply to katnatek from comment #39)
> Also we can make firefox/thubderbird make use of the bundled cbindgen but is
> not recommended in the spec file 
> Let me know what do you think is the best solution

Bundled cbindgen should be used instead and rust-cbindgen reverted to previous state in SVN. Sysadmin(s) can remove cbindgen pkgs from core/updates_testing later.

I have improved/updated cbindgen vendoring script in SOURCES to make it faster/smaller, updated vendor tarball, and pushed a new FF build with bundled cbindgen to core/updates_testing.
Comment 42 katnatek 2025-10-20 21:55:41 CEST 
(In reply to Jani Välimaa from comment #41)
> (In reply to katnatek from comment #39)
> > Also we can make firefox/thubderbird make use of the bundled cbindgen but is
> > not recommended in the spec file 
> > Let me know what do you think is the best solution
> 
> Bundled cbindgen should be used instead and rust-cbindgen reverted to
> previous state in SVN. Sysadmin(s) can remove cbindgen pkgs from
> core/updates_testing later.
> 
> I have improved/updated cbindgen vendoring script in SOURCES to make it
> faster/smaller, updated vendor tarball, and pushed a new FF build with
> bundled cbindgen to core/updates_testing.

Thank you I see you make the same for thunderbird, when firefox ends if you are not available to do it I'll send thunderbird

Source RPM: rootcerts, nss, firefox, firefox-l10n,rust-cbindgen => rootcerts, nss, firefox, firefox-l10n

Comment 43 Thomas Andrews 2025-10-21 02:16:36 CEST 
(In reply to Jani Välimaa from comment #41)
> (In reply to katnatek from comment #39)
> > Also we can make firefox/thubderbird make use of the bundled cbindgen but is
> > not recommended in the spec file 
> > Let me know what do you think is the best solution
> 
> Bundled cbindgen should be used instead and rust-cbindgen reverted to
> previous state in SVN. Sysadmin(s) can remove cbindgen pkgs from
> core/updates_testing later.
> 
> I have improved/updated cbindgen vendoring script in SOURCES to make it
> faster/smaller, updated vendor tarball, and pushed a new FF build with
> bundled cbindgen to core/updates_testing.

The math.princeton mirror says firefox-140.4.0-1.1.mga9.x86_64.rpm is the one currently in core/updates_testing, but that's the same version as from comment 28. 

Jani, wasn't yours supposed to be bumped up? Or is it just that Princeton hasn't caught up yet? And are those of us that updated/installed the cbindgen submitted by katnatek (now apparently removed from the repo) supposed to just uninstall it?
Comment 44 katnatek 2025-10-21 02:36:52 CEST 
(In reply to Thomas Andrews from comment #43)
> The math.princeton mirror says firefox-140.4.0-1.1.mga9.x86_64.rpm is the
> one currently in core/updates_testing, but that's the same version as from
> comment 28. 
> 
> Jani, wasn't yours supposed to be bumped up? Or is it just that Princeton
> hasn't caught up yet? And are those of us that updated/installed the
> cbindgen submitted by katnatek (now apparently removed from the repo)
> supposed to just uninstall it?

firefox-140.4.0-1.2.mga9 is still building the 64b package, if end on time I'm still on PC I'll update the full list if not I just notify that is ready
Yes cbingen packages in testing should be removed from your system, and we must ask to remove when validate the bug
Comment 45 katnatek 2025-10-21 02:43:24 CEST 
Advisory updated
Comment 46 katnatek 2025-10-21 04:58:11 CEST 
lib(64)nss-devel-3.117.0-1.mga9
lib(64)nss-static-devel-3.117.0-1.mga9
lib(64)nss3-3.117.0-1.mga9
nss-3.117.0-1.mga9
nss-doc-3.117.0-1.mga9
rootcerts-20251003.00-1.mga9
rootcerts-java-20251003.00-1.mga9

firefox-140.4.0-1.2.mga9

firefox-af-140.4.0-1.mga9.noarch.rpm
firefox-an-140.4.0-1.mga9.noarch.rpm
firefox-ar-140.4.0-1.mga9.noarch.rpm
firefox-ast-140.4.0-1.mga9.noarch.rpm
firefox-az-140.4.0-1.mga9.noarch.rpm
firefox-be-140.4.0-1.mga9.noarch.rpm
firefox-bg-140.4.0-1.mga9.noarch.rpm
firefox-bn-140.4.0-1.mga9.noarch.rpm
firefox-br-140.4.0-1.mga9.noarch.rpm
firefox-bs-140.4.0-1.mga9.noarch.rpm
firefox-ca-140.4.0-1.mga9.noarch.rpm
firefox-cs-140.4.0-1.mga9.noarch.rpm
firefox-cy-140.4.0-1.mga9.noarch.rpm
firefox-da-140.4.0-1.mga9.noarch.rpm
firefox-de-140.4.0-1.mga9.noarch.rpm
firefox-el-140.4.0-1.mga9.noarch.rpm
firefox-en_CA-140.4.0-1.mga9.noarch.rpm
firefox-en_GB-140.4.0-1.mga9.noarch.rpm
firefox-en_US-140.4.0-1.mga9.noarch.rpm
firefox-eo-140.4.0-1.mga9.noarch.rpm
firefox-es_AR-140.4.0-1.mga9.noarch.rpm
firefox-es_CL-140.4.0-1.mga9.noarch.rpm
firefox-es_ES-140.4.0-1.mga9.noarch.rpm
firefox-es_MX-140.4.0-1.mga9.noarch.rpm
firefox-et-140.4.0-1.mga9.noarch.rpm
firefox-eu-140.4.0-1.mga9.noarch.rpm
firefox-fa-140.4.0-1.mga9.noarch.rpm
firefox-ff-140.4.0-1.mga9.noarch.rpm
firefox-fi-140.4.0-1.mga9.noarch.rpm
firefox-fr-140.4.0-1.mga9.noarch.rpm
firefox-fur-140.4.0-1.mga9.noarch.rpm
firefox-fy_NL-140.4.0-1.mga9.noarch.rpm
firefox-ga_IE-140.4.0-1.mga9.noarch.rpm
firefox-gd-140.4.0-1.mga9.noarch.rpm
firefox-gl-140.4.0-1.mga9.noarch.rpm
firefox-gu_IN-140.4.0-1.mga9.noarch.rpm
firefox-he-140.4.0-1.mga9.noarch.rpm
firefox-hi_IN-140.4.0-1.mga9.noarch.rpm
firefox-hr-140.4.0-1.mga9.noarch.rpm
firefox-hsb-140.4.0-1.mga9.noarch.rpm
firefox-hu-140.4.0-1.mga9.noarch.rpm
firefox-hy_AM-140.4.0-1.mga9.noarch.rpm
firefox-ia-140.4.0-1.mga9.noarch.rpm
firefox-id-140.4.0-1.mga9.noarch.rpm
firefox-is-140.4.0-1.mga9.noarch.rpm
firefox-it-140.4.0-1.mga9.noarch.rpm
firefox-ja-140.4.0-1.mga9.noarch.rpm
firefox-ka-140.4.0-1.mga9.noarch.rpm
firefox-kab-140.4.0-1.mga9.noarch.rpm
firefox-kk-140.4.0-1.mga9.noarch.rpm
firefox-km-140.4.0-1.mga9.noarch.rpm
firefox-kn-140.4.0-1.mga9.noarch.rpm
firefox-ko-140.4.0-1.mga9.noarch.rpm
firefox-lij-140.4.0-1.mga9.noarch.rpm
firefox-lt-140.4.0-1.mga9.noarch.rpm
firefox-lv-140.4.0-1.mga9.noarch.rpm
firefox-mk-140.4.0-1.mga9.noarch.rpm
firefox-mr-140.4.0-1.mga9.noarch.rpm
firefox-ms-140.4.0-1.mga9.noarch.rpm
firefox-my-140.4.0-1.mga9.noarch.rpm
firefox-nb_NO-140.4.0-1.mga9.noarch.rpm
firefox-nl-140.4.0-1.mga9.noarch.rpm
firefox-nn_NO-140.4.0-1.mga9.noarch.rpm
firefox-oc-140.4.0-1.mga9.noarch.rpm
firefox-pa_IN-140.4.0-1.mga9.noarch.rpm
firefox-pl-140.4.0-1.mga9.noarch.rpm
firefox-pt_BR-140.4.0-1.mga9.noarch.rpm
firefox-pt_PT-140.4.0-1.mga9.noarch.rpm
firefox-ro-140.4.0-1.mga9.noarch.rpm
firefox-ru-140.4.0-1.mga9.noarch.rpm
firefox-sat-140.4.0-1.mga9.noarch.rpm
firefox-sc-140.4.0-1.mga9.noarch.rpm
firefox-si-140.4.0-1.mga9.noarch.rpm
firefox-sk-140.4.0-1.mga9.noarch.rpm
firefox-skr-140.4.0-1.mga9.noarch.rpm
firefox-sl-140.4.0-1.mga9.noarch.rpm
firefox-sq-140.4.0-1.mga9.noarch.rpm
firefox-sr-140.4.0-1.mga9.noarch.rpm
firefox-sv_SE-140.4.0-1.mga9.noarch.rpm
firefox-szl-140.4.0-1.mga9.noarch.rpm
firefox-ta-140.4.0-1.mga9.noarch.rpm
firefox-te-140.4.0-1.mga9.noarch.rpm
firefox-tg-140.4.0-1.mga9.noarch.rpm
firefox-th-140.4.0-1.mga9.noarch.rpm
firefox-tl-140.4.0-1.mga9.noarch.rpm
firefox-tr-140.4.0-1.mga9.noarch.rpm
firefox-uk-140.4.0-1.mga9.noarch.rpm
firefox-ur-140.4.0-1.mga9.noarch.rpm
firefox-uz-140.4.0-1.mga9.noarch.rpm
firefox-vi-140.4.0-1.mga9.noarch.rpm
firefox-xh-140.4.0-1.mga9.noarch.rpm
firefox-zh_CN-140.4.0-1.mga9.noarch.rpm
firefox-zh_TW-140.4.0-1.mga9.noarch.rpm

from SRPMS:
nss-3.117.0-1.mga9.src.rpm
rootcerts-20251003.00-1.mga9.src.rpm
firefox-140.4.0-1.2.mga9
firefox-l10n-140.4.0-1.mga9

firefox-140.4.0-1.2.mga9 builds in all architectures

Packagas to remove by sysadmin
cbindgen-0.27.0-1.1.mga9
rust-cbindgen+clap-devel-0.27.0-1.1.mga9.noarch.rpm
rust-cbindgen+default-devel-0.27.0-1.1.mga9.noarch.rpm
rust-cbindgen-devel-0.27.0-1.1.mga9.noarch.rpm

From rust-cbindgen-0.27.0-1.1.mgag9

Status comment: Packages in comment 28 => Packages in comment 46

Comment 47 Jani Välimaa 2025-10-21 10:47:15 CEST 
(In reply to katnatek from comment #46)
> Packagas to remove by sysadmin
> cbindgen-0.27.0-1.1.mga9
> rust-cbindgen+clap-devel-0.27.0-1.1.mga9.noarch.rpm
> rust-cbindgen+default-devel-0.27.0-1.1.mga9.noarch.rpm
> rust-cbindgen-devel-0.27.0-1.1.mga9.noarch.rpm
> 
> From rust-cbindgen-0.27.0-1.1.mgag9

rust-bindgen pkgs are removed from distrib and previous state restored in SVN. Pkgs disappears from mirrors next time when hdlists are (re)generated.
Comment 48 Thomas Andrews 2025-10-21 18:09:56 CEST 
MGA9-64 Plasma on two different systems. No installation issues. None of the cbindgen packages had been installed by previous tests, so I was concerned over nothing.

No issues to report. Facebook, Amazon, DuckDuckGo, Youtube, my local newspaper, no issues. My bank balks at Firefox in general, so while I probably could compensate by altering the user agent, I use Chromium for that. 

Activated a Surfshark VPN, and while some sites(like Amazon) still refuse to work if it's active, that's nothing new.

Looks good here.
Comment 49 katnatek 2025-10-21 19:32:03 CEST 
RH i586

Test webcam on zoom test 
Test youtube
Test regular visited sites not issues to report
Comment 50 Jose Manuel López 2025-10-22 15:32:16 CEST 
Updated today to 140.4. Works fine for me.

Banks ok.
Digital certificates ok.
Youtube, audio and video ok.
Autofirma ok.
Settings and addons ok.
Spanish translations ok.
Comment 51 katnatek 2025-10-22 18:51:27 CEST 
Brian and Herman please test again with firefox-140.4.0-1.2.mga9
We can forget the bogus rust packages the are not more in testing
Comment 52 Thomas Andrews 2025-10-22 22:37:42 CEST 
MGA9-64 Plasma on an HP Probook 6550b. Also MGA9-32 Xfce on the same hardware.

Looks OK here.
Comment 53 Brian Rockwell 2025-10-22 23:01:04 CEST 
MGA9-32, AMD A6-3420M APU with Radeon(tm) HD Graphics, old Laptop

The following 10 packages are going to be installed:

- firefox-140.4.0-1.2.mga9.i586
- firefox-en_CA-140.4.0-1.mga9.noarch
- firefox-en_GB-140.4.0-1.mga9.noarch
- firefox-en_US-140.4.0-1.mga9.noarch
- libnss3-3.117.0-1.mga9.i586
- libopenssl3-3.0.18-1.mga9.i586
- nss-3.117.0-1.mga9.i586
- openssl-3.0.18-1.mga9.i586
- rootcerts-20251003.00-1.mga9.noarch
- rootcerts-java-20251003.00-1.mga9.noarch

43MB of additional disk space will be used.

---rebooted


spending time using firefox, etc.  - working
Comment 54 Morgan Leijström 2025-10-22 23:44:12 CEST 
OK x86_64, Plasma, on my workstation

- firefox, lib64nss, rootcerts

Clean update
Swedish localisation
Settings and tabs kept
Watched internet videos on youtube and svt.se
Some banking sites, tax office, ebay and other shops...
fetched and viewed pdf, printed
Surfed Nexcloud server, syncthing panel, Element, facebook
our bugzilla

$ firefox --version
Mozilla Firefox 140.4.0esr

[morgan@svarten ~]$ inxi -SMCG
System:
  Host: svarten.tribun Kernel: 6.6.105-desktop-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop Mobo: ASRock model: P55 Pro serial: <superuser required>
    BIOS: American Megatrends v: P2.60 date: 08/20/2010
CPU:
  Info: quad core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 1204 min/max: 1200/2934 cores: 1: 1204 2: 1204 3: 1204
    4: 1204 5: 1204 6: 1204 7: 1204 8: 1204
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,radeonsi,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 compat-v: 4.5 vendor: amd mesa v: 25.0.7 renderer: AMD
    Radeon RX 6400 (radeonsi navi24 LLVM 15.0.6 DRM 3.54
    6.6.105-desktop-1.mga9)
Comment 55 Len Lawrence 2025-10-23 00:17:36 CEST 
mga9, x64

Tried to install these via qarepo:
firefox-140.4.0-1.1.mga9.x86_64
firefox-en_GB-140.4.0-1.mga9.noarch
lib64nss3-3.117.0-1.mga9.x86_64
lib64openssl3-3.0.18-1.mga9.x86_64
nss-3.117.0-1.mga9.x86_64
openssl-3.0.18-1.mga9.x86_64
rootcerts-20251003.00-1.mga9.noarch
rootcerts-java-20251003.00-1.mga9.noarch

firefox-140.4.0-1.1.mga9.x86_64 not found in the remote repository
lib64openssl3-3.0.18-1.mga9.x86_64 not found in the remote repository
openssl-3.0.18-1.mga9.x86_64 not found in the remote repository

CC: (none) => tarazed25

Comment 56 Len Lawrence 2025-10-23 00:32:55 CEST 
In reply to Len Lawrence in comment 55:
I see that the repository has these:
firefox-140.4.0-1.2
firefox-en_GB-140.4.0-1
Comment 57 Len Lawrence 2025-10-23 00:35:41 CEST 
Shall try Brian's list.
Comment 58 Thomas Andrews 2025-10-23 00:39:29 CEST 
(In reply to Len Lawrence from comment #56)
> In reply to Len Lawrence in comment 55:
> I see that the repository has these:
> firefox-140.4.0-1.2
> firefox-en_GB-140.4.0-1

Those are the correct packages.

The openssl packages were pushed with another bug, and are no longer in Updates_Testing for QArepo to find.
Comment 59 Len Lawrence 2025-10-23 00:47:35 CEST 
(In reply to Thomas Andrews from comment #58)
Thanks.  The updates installed fine.  Responding from the new Firefox.
Open tabs recovered automatically and everything else looks OK.
Comment 60 katnatek 2025-10-23 02:54:12 CEST 
(In reply to Len Lawrence from comment #56)
> In reply to Len Lawrence in comment 55:
> I see that the repository has these:
> firefox-140.4.0-1.2
> firefox-en_GB-140.4.0-1

Status Comment Field clearly says

"Packages in comment 46"
Comment 61 Thomas Andrews 2025-10-23 03:42:16 CEST 
Several good tests, no bad ones. Sending this on.

Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
CC: (none) => sysadmin-bugs

Comment 62 Mageia Robot 2025-10-23 21:38:47 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0246.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.