[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2024-13

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 19 18:11:42 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13a7c366 by Salvatore Bonaccorso at 2024-03-19T19:11:11+01:00
Add firefox-esr issues from mfsa2024-13

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,36 +1,53 @@
+CVE-2024-2616
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
 CVE-2024-2615
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
 CVE-2024-2614
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2614
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2614
 CVE-2024-2613
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
 CVE-2024-2612
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2612
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
 CVE-2024-2611
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2611
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
 CVE-2024-2610
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
 CVE-2024-2609
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
 CVE-2024-2608
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2608
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
 CVE-2024-2607
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2607
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2607
 CVE-2024-2606
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2606
 CVE-2024-2605
 	- firefox <not-affected> (Only affects Firefox on Windows)
+	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2605
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2605
 CVE-2024-2622 (A vulnerability was found in Fujian Kelixin Communication Command and  ...)
 	NOT-FOR-US: Fujian
 CVE-2024-2621 (A vulnerability was found in Fujian Kelixin Communication Command and  ...)
@@ -13137,8 +13154,10 @@ CVE-2024-0744 (In some circumstances, JIT compiled code could have dereferenced
 CVE-2024-0743 (An unchecked return value in TLS handshake code could have caused a po ...)
 	{DLA-3757-1}
 	- firefox 122.0-1
+	- firefox-esr <unfixed>
 	- nss 2:3.96.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0743
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-0743
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1867408
 	NOTE: https://hg.mozilla.org/projects/nss/rev/1bda168c0da97e19e5f14bc4227c15c0a9f493b
 CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be activate ...)
@@ -29862,6 +29881,7 @@ CVE-2023-39333
 CVE-2023-5388
 	{DLA-3757-1}
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	- nss 2:3.98-1 (bug #1056284)
 	[bookworm] - nss <no-dsa> (Minor issue)
 	[bullseye] - nss <no-dsa> (Minor issue)
@@ -29869,6 +29889,7 @@ CVE-2023-5388
 	NOTE: Vendor patch (Rocky Linux, not upstreamed): https://git.rockylinux.org/staging/rpms/nss/-/commit/1f7f7523b61a2ada2f461548c4160fbbf979c5dd
 	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/196716d8377ab427e326f20bff2d026e90ac69e2
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2023-5388
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2023-5388
 CVE-2023-5551 (Separate Groups mode restrictions were not honoured in the forum summa ...)
 	- moodle <removed>
 CVE-2023-5550 (In a shared hosting environment that has been misconfigured to allow a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a7c366e70004a28262e719ffbaa2cdb510793e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a7c366e70004a28262e719ffbaa2cdb510793e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240319/e1b12a4d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list