[Git][security-tracker-team/security-tracker][master] firefox fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Apr 30 09:42:08 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4183943 by Moritz Mühlenhoff at 2025-04-30T10:41:33+02:00
firefox fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -154,10 +154,10 @@ CVE-2025-4093 (Memory safety bug present in Firefox ESR 128.9, and Thunderbird 1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4093
CVE-2025-4092 (Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4092
CVE-2025-4091 (Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ES ...)
- - firefox <unfixed>
+ - firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4091
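Review bot: CVE-2025-4092's description names Thunderbird 137, yet the entry updated here carries only a firefox line, while CVE-2025-4091 directly below tracks thunderbird as <unfixed>. If the omission is deliberate, a short NOTE on the CVE-2025-4092 entry saying why thunderbird is not tracked would save the next triager from re-checking it against mfsa2025-28.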
@@ -167,13 +167,13 @@ CVE-2025-4090 (A vulnerability existed in Firefox for Android where potentially
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4090
CVE-2025-4089 (Due to insufficient escaping of special characters in the "copy as cUR ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4089
CVE-2025-4088 (A security vulnerability in Firefox allowed malicious sites to use red ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4088
CVE-2025-4087 (A vulnerability was identified in Firefox where XPath parsing could tr ...)
- - firefox <unfixed>
+ - firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4087
@@ -183,7 +183,7 @@ CVE-2025-4086 (A specially crafted filename containing a large number of encoded
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4086
CVE-2025-4085 (An attacker with control over a content process could potentially leve ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4085
CVE-2025-4084 (Due to insufficient escaping of the special characters in the "copy as ...)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
@@ -191,7 +191,7 @@ CVE-2025-4084 (Due to insufficient escaping of the special characters in the "co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4084
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4084
CVE-2025-4083 (A process isolation vulnerability in Firefox stemmed from improper han ...)
- - firefox <unfixed>
+ - firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4083
@@ -17792,7 +17792,7 @@ CVE-2025-1942 (When String.toUpperCase() caused a string to get longer it was po
- firefox 136.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1942
CVE-2025-1941 (Under certain circumstances, a user opt-in setting that Focus should r ...)
- - firefox <unfixed>
+ - firefox <not-affected> (Only affects Firefox Focus on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout and ru ...)
{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
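Review bot: The CVE-2025-1941 line goes from <unfixed> to <not-affected> (Only affects Firefox Focus on Android), which is a triage reclassification rather than a fix, so the commit subject "firefox fixed in sid" does not describe it. Suggest splitting it into its own commit or mentioning it in the message, so that anyone searching history for why this entry became not-affected can find the change.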
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4183943eaa46e2cf2cd188502c04c902fea31e4