[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr issues via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 10 05:25:13 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce463371 by Salvatore Bonaccorso at 2025-12-10T06:24:31+01:00
Track fixed version for firefox-esr issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -793,7 +793,7 @@ CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may caus
 	NOTE: Fixed by: https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249 (edk2-stable202511)
 CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5 ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14333
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14333
 CVE-2025-14332 (Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of ...)
@@ -801,22 +801,22 @@ CVE-2025-14332 (Memory safety bugs present in Firefox 145 and Thunderbird 145. S
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332
 CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. This vuln ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14331
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331
 CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14330
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330
 CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14329
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329
 CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14328
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14328
 CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This vulnerability af ...)
@@ -827,27 +827,27 @@ CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This vulnerabi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326
 CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14325
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325
 CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14324
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324
 CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This vulnera ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14323
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323
 CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14322
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322
 CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This vulnerability  ...)
 	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox-esr 140.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14321
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14321
 CVE-2025-67504 (WBCE CMS is a content management system. Versions 1.6.4 and below use  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce46337126d3ce6ccfe2db104277c0fdf189ae8d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce46337126d3ce6ccfe2db104277c0fdf189ae8d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251210/548de2ff/attachment.htm>

More information about the debian-security-tracker-commits mailing list