Bug 35272 - Firefox 140.9
Summary: Firefox 140.9
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 35273
 
Reported: 2026-03-25 09:47 CET by Nicolas Salguero
Modified: 2026-04-02 18:49 CEST

See Also:
Source RPM: nss, firefox, firefox-l10n
CVE: CVE-2025-59375, CVE-2026-468[4-9], CVE-2026-469[0-9], CVE-2026-470[012456789], CVE-2026-471[0-9], CVE-2026-472[01]
Status comment:
andrewsfarm: test_passed_mga9_64+


Description Nicolas Salguero 2026-03-25 09:47:08 CET
Mozilla has released NSS 3.122 on March 19:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html

Mozilla has released Firefox 140.9 on March 24:
https://www.firefox.com/en-US/firefox/140.9.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/
Nicolas Salguero 2026-03-25 09:58:30 CET

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-59375, CVE-2026-468[4-9], CVE-2026-469[0-9], CVE-2026-470[012456789], CVE-2026-471[0-9], CVE-2026-472[01]
Source RPM: (none) => nss, firefox, firefox-l10n
Flags: (none) => affects_mga9+

Nicolas Salguero 2026-03-25 09:59:37 CET

Blocks: (none) => 35273

Comment 1 Lewis Smith 2026-03-25 10:20:07 CET
As usual for this SRPM, assigning to you Nicolas.

Assignee: bugsquad => nicolas.salguero

Comment 2 Nicolas Salguero 2026-03-26 16:15:20 CET
For Cauldron, I asked for a freeze move.


Suggested advisory:
========================

The updated packages fix a security vulnerability:

Denial-of-service in the XML component. (CVE-2025-59375)

Race condition, use-after-free in the Graphics: WebRender component. (CVE-2026-4684)

Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4685)

Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4686)

Sandbox escape due to incorrect boundary conditions in the Telemetry component. (CVE-2026-4687)

Sandbox escape due to use-after-free in the Disability Access APIs component. (CVE-2026-4688)

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. (CVE-2026-4689)

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. (CVE-2026-4690)

Use-after-free in the CSS Parsing and Computation component. (CVE-2026-4691)

Sandbox escape in the Responsive Design Mode component. (CVE-2026-4692)

Incorrect boundary conditions in the Audio/Video: Playback component. (CVE-2026-4693)

Incorrect boundary conditions, integer overflow in the Graphics component. (CVE-2026-4694)

Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-4695)

Use-after-free in the Layout: Text and Fonts component. (CVE-2026-4696)

Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-4697)

JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-4698)

Incorrect boundary conditions in the Layout: Text and Fonts component. (CVE-2026-4699)

Mitigation bypass in the Networking: HTTP component. (CVE-2026-4700)

Use-after-free in the JavaScript Engine component. (CVE-2026-4701)

JIT miscompilation in the JavaScript Engine component. (CVE-2026-4702)

Denial-of-service in the WebRTC: Signaling component. (CVE-2026-4704)

Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4705)

Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4706)

Incorrect boundary conditions in the Graphics: Canvas2D component. (CVE-2026-4707)

Incorrect boundary conditions in the Graphics component. (CVE-2026-4708)

Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-4709)

Incorrect boundary conditions in the Audio/Video component. (CVE-2026-4710)

Use-after-free in the Widget: Cocoa component. (CVE-2026-4711)

Information disclosure in the Widget: Cocoa component. (CVE-2026-4712)

Incorrect boundary conditions in the Graphics component. (CVE-2026-4713)

Incorrect boundary conditions in the Audio/Video component. (CVE-2026-4714)

Uninitialized memory in the Graphics: Canvas2D component. (CVE-2026-4715)

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. (CVE-2026-4716)

Privilege escalation in the Netmonitor component. (CVE-2026-4717)

Undefined behavior in the WebRTC: Signaling component. (CVE-2026-4718)

Incorrect boundary conditions in the Graphics: Text component. (CVE-2026-4719)

Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4720)

Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4721)

References:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html
https://www.firefox.com/en-US/firefox/140.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/
========================

Updated packages in core/updates_testing:
========================
firefox-140.9.0-1.mga9
firefox-af-140.9.0-1.mga9
firefox-an-140.9.0-1.mga9
firefox-ar-140.9.0-1.mga9
firefox-ast-140.9.0-1.mga9
firefox-az-140.9.0-1.mga9
firefox-be-140.9.0-1.mga9
firefox-bg-140.9.0-1.mga9
firefox-bn-140.9.0-1.mga9
firefox-br-140.9.0-1.mga9
firefox-bs-140.9.0-1.mga9
firefox-ca-140.9.0-1.mga9
firefox-cs-140.9.0-1.mga9
firefox-cy-140.9.0-1.mga9
firefox-da-140.9.0-1.mga9
firefox-de-140.9.0-1.mga9
firefox-el-140.9.0-1.mga9
firefox-en_CA-140.9.0-1.mga9
firefox-en_GB-140.9.0-1.mga9
firefox-en_US-140.9.0-1.mga9
firefox-eo-140.9.0-1.mga9
firefox-es_AR-140.9.0-1.mga9
firefox-es_CL-140.9.0-1.mga9
firefox-es_ES-140.9.0-1.mga9
firefox-es_MX-140.9.0-1.mga9
firefox-et-140.9.0-1.mga9
firefox-eu-140.9.0-1.mga9
firefox-fa-140.9.0-1.mga9
firefox-ff-140.9.0-1.mga9
firefox-fi-140.9.0-1.mga9
firefox-fr-140.9.0-1.mga9
firefox-fur-140.9.0-1.mga9
firefox-fy_NL-140.9.0-1.mga9
firefox-ga_IE-140.9.0-1.mga9
firefox-gd-140.9.0-1.mga9
firefox-gl-140.9.0-1.mga9
firefox-gu_IN-140.9.0-1.mga9
firefox-he-140.9.0-1.mga9
firefox-hi_IN-140.9.0-1.mga9
firefox-hr-140.9.0-1.mga9
firefox-hsb-140.9.0-1.mga9
firefox-hu-140.9.0-1.mga9
firefox-hy_AM-140.9.0-1.mga9
firefox-ia-140.9.0-1.mga9
firefox-id-140.9.0-1.mga9
firefox-is-140.9.0-1.mga9
firefox-it-140.9.0-1.mga9
firefox-ja-140.9.0-1.mga9
firefox-ka-140.9.0-1.mga9
firefox-kab-140.9.0-1.mga9
firefox-kk-140.9.0-1.mga9
firefox-km-140.9.0-1.mga9
firefox-kn-140.9.0-1.mga9
firefox-ko-140.9.0-1.mga9
firefox-lij-140.9.0-1.mga9
firefox-lt-140.9.0-1.mga9
firefox-lv-140.9.0-1.mga9
firefox-mk-140.9.0-1.mga9
firefox-mr-140.9.0-1.mga9
firefox-ms-140.9.0-1.mga9
firefox-my-140.9.0-1.mga9
firefox-nb_NO-140.9.0-1.mga9
firefox-nl-140.9.0-1.mga9
firefox-nn_NO-140.9.0-1.mga9
firefox-oc-140.9.0-1.mga9
firefox-pa_IN-140.9.0-1.mga9
firefox-pl-140.9.0-1.mga9
firefox-pt_BR-140.9.0-1.mga9
firefox-pt_PT-140.9.0-1.mga9
firefox-ro-140.9.0-1.mga9
firefox-ru-140.9.0-1.mga9
firefox-sat-140.9.0-1.mga9
firefox-sc-140.9.0-1.mga9
firefox-si-140.9.0-1.mga9
firefox-sk-140.9.0-1.mga9
firefox-sl-140.9.0-1.mga9
firefox-sq-140.9.0-1.mga9
firefox-sr-140.9.0-1.mga9
firefox-sv_SE-140.9.0-1.mga9
firefox-szl-140.9.0-1.mga9
firefox-ta-140.9.0-1.mga9
firefox-te-140.9.0-1.mga9
firefox-tg-140.9.0-1.mga9
firefox-th-140.9.0-1.mga9
firefox-tl-140.9.0-1.mga9
firefox-tr-140.9.0-1.mga9
firefox-uk-140.9.0-1.mga9
firefox-ur-140.9.0-1.mga9
firefox-uz-140.9.0-1.mga9
firefox-vi-140.9.0-1.mga9
firefox-xh-140.9.0-1.mga9
firefox-zh_CN-140.9.0-1.mga9
firefox-zh_TW-140.9.0-1.mga9

lib(64)nss-devel-3.122.0-1.mga9
lib(64)nss-static-devel-3.122.0-1.mga9
lib(64)nss3-3.122.0-1.mga9
nss-3.122.0-1.mga9
nss-doc-3.122.0-1.mga9

from SRPMS:
firefox-140.9.0-1.mga9.src.rpm
firefox-l10n-140.9.0-1.mga9.src.rpm
nss-3.122.0-1.mga9.src.rpm

Flags: affects_mga9+ => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Nicolas Salguero 2026-03-26 16:21:13 CET

Assignee: nicolas.salguero => qa-bugs

Comment 3 Herman Viaene 2026-03-26 17:22:04 CET
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Tested with newspaper site and youtube for text, sound and video, all works OK.

CC: (none) => herman.viaene

Comment 4 Morgan Leijström 2026-03-26 19:17:54 CET
mga9-64 OK here 

Plasma, X11, GeForce GTX 1070 Ti using modesetting, backport kernel 6.18

Swedish localisation.
Settings and tabs kept.
Various sites including shops, video, banking.
Viewing and printing pdf to network printer.

[morgan@svarten ~]$ firefox --version
Mozilla Firefox 140.8.0esr

[morgan@svarten ~]$ inxi -SG

System:
  Host: svarten.tribun Kernel: 6.18.4-desktop-3.stabletesting.mga9
    arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Graphics:
  Device-1: NVIDIA GP104 [GeForce GTX 1070 Ti] driver: nouveau v: kernel
  Display: x11 server: X.org v: 1.21.1.21 with: Xwayland v: 22.1.9 driver:
    X: loaded: modesetting,v4l dri: nouveau gpu: nouveau
    resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: nouveau,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.5 compat-v: 4.3 vendor: mesa v: 25.0.7 renderer: NV134

CC: (none) => fri

Comment 5 Thomas Andrews 2026-03-27 22:21:00 CET
MGA9-64 Plasma, US English version. No installation issues.

Tried a variety of sites, Amazon tracking, several Youtube videos, Facebook, Syracuse newspaper. Everything worked as it should.

CC: (none) => andrewsfarm

katnatek 2026-03-28 02:48:03 CET

Keywords: (none) => advisory

Comment 6 Thomas Andrews 2026-04-02 16:33:08 CEST
I've been using this in Cauldron for a week or so, with no issues except with my bank. But, my bank hasn't let me log in using a Firefox ESR for 2-3 years, so that's not unusual. I could probably use a user agent switcher to make it look like I'm using something else, but it's not worth the trouble. I just use Chromium from Flathub, instead.

With no new issues reported, I'm sending this on.

Validating.

Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update
Flags: (none) => test_passed_mga9_64+
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2026-04-02 18:49:46 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0080.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

