[Git][security-tracker-team/security-tracker][master] new firefox-esr issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 16 17:19:46 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9f3f0d6 by Moritz Muehlenhoff at 2024-04-16T18:19:04+02:00
new firefox-esr issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,45 @@
 CVE-2024-3302
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
 CVE-2024-3865
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
 CVE-2024-3864
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
 CVE-2024-3863
 	- firefox <not-affected> (Windows-specific)
+	- firefox-esr <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
 CVE-2024-3862
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
 CVE-2024-3861
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
 CVE-2024-3860
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
 CVE-2024-3859
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
 CVE-2024-3858
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
 CVE-2024-3857
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
 CVE-2024-3856
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
@@ -36,13 +48,17 @@ CVE-2024-3855
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
 CVE-2024-3854
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
 CVE-2024-3853
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
 CVE-2024-3852
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852
 CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
 	NOT-FOR-US: mindsdb
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...)
@@ -8734,7 +8750,9 @@ CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce valu
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
 CVE-2024-2609 (The permission prompt input delay could have expired while the window  ...)
 	- firefox 124.0-1
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609
 CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...)
 	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1


=====================================
data/dsa-needed.txt
=====================================
@@ -25,11 +25,13 @@ emacs
 --
 expat (carnil)
 --
+firefox-esr (jmm)
+--
 frr
 --
 gpac/oldstable
 --
-guix
+guix (jmm)
   Maintainer has proposed to handle this as DSA, proposed debdiffs
 --
 h2o (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f3f0d61f4a48c56b5e53797a947dde2a7aff61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f3f0d61f4a48c56b5e53797a947dde2a7aff61
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240416/86d3f9a4/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list