[Git][security-tracker-team/security-tracker][master] Track firefox-esr fixes via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 12 06:32:44 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4490595 by Salvatore Bonaccorso at 2024-06-12T07:32:13+02:00
Track firefox-esr fixes via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -303,14 +303,14 @@ CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All ve
 CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...)
-	- firefox-esr <unfixed>
+	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
 CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs showed e ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
 CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700
 CVE-2024-5699 (In violation of spec, cookie prefixes such as `__Secure` were being ig ...)
@@ -324,7 +324,7 @@ CVE-2024-5697 (A website was able to detect when a user took a screenshot of a p
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
 CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker could  ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696
 CVE-2024-5695 (If an out-of-memory condition occurs at a specific point using allocat ...)
@@ -335,7 +335,7 @@ CVE-2024-5694 (An attacker could have caused a use-after-free in the JavaScript
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
 CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693
 CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker could  ...)
@@ -345,12 +345,12 @@ CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker c
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
 CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
 CVE-2024-5690 (By monitoring the time certain operations take, an attacker could have ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690
 CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX), a  ...)
@@ -358,7 +358,7 @@ CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
 CVE-2024-5688 (If a garbage collection was triggered at the right time, a use-after-f ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688
 CVE-2024-5687 (If a specific sequence of actions is performed when opening a new tab, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4490595c513f8005c39700d0ac0def366190c1c

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4490595c513f8005c39700d0ac0def366190c1c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240612/2344a25d/attachment.htm>

More information about the debian-security-tracker-commits mailing list