[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 20 05:42:41 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc90a8f8 by Salvatore Bonaccorso at 2023-12-20T06:41:53+01:00
Track fixed version for firefox via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -108,87 +108,87 @@ CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.  Thi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
 CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
 CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
 CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially undefined beha ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863
 CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs. This cou ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6872
 CVE-2023-6871 (Under certain conditions, Firefox did not display a warning when a use ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6871
 CVE-2023-6870 (Applications which spawn a Toast notification in a background thread m ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6870
 CVE-2023-6869 (A `<dialog>` element could have been manipulated to paint content o ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6869
 CVE-2023-6868 (In some instances, the user-agent would allow push requests which lack ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
 CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
 CVE-2023-6867 (The timing of a button click causing a popup to disappear was approxim ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
 CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860
 CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling. This ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
 CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
 CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment`  ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
 CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to  ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
 CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialized dat ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
 CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
-	- firefox <unfixed>
+	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc90a8f865419da13ce548bc63baddc54575d1a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc90a8f865419da13ce548bc63baddc54575d1a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231220/80b7ce90/attachment.htm>

More information about the debian-security-tracker-commits mailing list