[Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Aug 29 16:00:28 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2277139 by Moritz Muehlenhoff at 2023-08-29T16:59:51+02:00
new firefox issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-4585
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ [bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
+ [bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
+ [buster] - firefox-esr <not-affected> (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4585
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585
+CVE-2023-4584
+ - firefox-esr <unfixed>
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4584
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584
+CVE-2023-4583
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ [bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
+ [bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
+ [buster] - firefox-esr <not-affected> (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4583
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4583
+CVE-2023-4582
+ - firefox-esr <not-affected> (MacOS-specific)
+ - firefox <not-affected> (MacOS-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4582
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4582
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582
+CVE-2023-4581
+ - firefox-esr <unfixed>
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581
+CVE-2023-4580
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ [bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
+ [bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
+ [buster] - firefox-esr <not-affected> (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580
+CVE-2023-4579
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579
+CVE-2023-4578
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ [bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
+ [bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
+ [buster] - firefox-esr <not-affected> (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4578
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578
+CVE-2023-4577
+ - firefox-esr <unfixed>
+ [bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
+ [bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
+ [buster] - firefox-esr <not-affected> (ESR 102 not affected)
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4577
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4577
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577
+CVE-2023-4576
+ - firefox-esr <not-affected> (Windows-specific)
+ - firefox <not-affected> (Windows-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4576
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4576
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576
+CVE-2023-4575
+ - firefox-esr <unfixed>
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4575
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575
+CVE-2023-4574
+ - firefox-esr <unfixed>
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4574
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574
+CVE-2023-4573
+ - firefox-esr <unfixed>
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4573
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4573
CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...)
TODO: check
CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...)
@@ -3690,7 +3776,12 @@ CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4054
CVE-2023-4053 (A website could have obscured the full screen notification by using a ...)
- firefox 116.0-1
+ - firefox-esr <unfixed>
+ [bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
+ [bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
+ [buster] - firefox-esr <not-affected> (ESR 102 not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4053
CVE-2023-4052 (The Firefox updater created a directory writable by non-privileged use ...)
- firefox <not-affected> (Affects only Firefox on Windows)
- firefox-esr <not-affected> (Affects only Firefox ESR 115.0.1 on Windows)
@@ -3700,7 +3791,12 @@ CVE-2023-4052 (The Firefox updater created a directory writable by non-privilege
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4052
CVE-2023-4051 (A website could have obscured the full screen notification by using th ...)
- firefox 116.0-1
+ - firefox-esr <unfixed>
+ [bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
+ [bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
+ [buster] - firefox-esr <not-affected> (ESR 102 not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4051
CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...)
{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
- firefox 116.0-1
=====================================
data/dsa-needed.txt
=====================================
@@ -18,6 +18,8 @@ cinder/oldstable
--
file/oldstable
--
+firefox-esr (jmm)
+--
flac/oldstable
--
frr (aron)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d227713923ba7240ffc7d8beb4680bbeaf5855ca
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d227713923ba7240ffc7d8beb4680bbeaf5855ca
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230829/ea06c6c1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list