[Git][security-tracker-team/security-tracker][master] firefox fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 8 10:08:18 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25bc883a by Moritz Muehlenhoff at 2025-01-08T11:07:58+01:00
firefox fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -572,40 +572,40 @@ CVE-2024-11826 (The Quill Forms | The Best Typeform Alternative | Create Convers
CVE-2024-11681 (A malicious or compromised MacPorts mirror can execute arbitrary comma ...)
TODO: check
CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of ...)
- - firefox <unfixed>
+ - firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
- - firefox <unfixed>
+ - firefox 134.0-1
- firefox-esr 128.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
- - firefox <unfixed>
+ - firefox 134.0-1
- firefox-esr 128.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0242
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrupt mem ...)
- - firefox <unfixed>
+ - firefox 134.0-1
- firefox-esr 128.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...)
- - firefox <unfixed>
+ - firefox 134.0-1
- firefox-esr 128.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates when t ...)
- - firefox <unfixed>
+ - firefox 134.0-1
- firefox-esr 128.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker could have ...)
- - firefox <unfixed>
+ - firefox 134.0-1
- firefox-esr 128.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
CVE-2025-0237 (The WebChannel API, which is used to transport various information acr ...)
- - firefox <unfixed>
+ - firefox 134.0-1
- firefox-esr 128.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0237
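Review bot: CVE-2025-0247, CVE-2025-0243 and CVE-2025-0242 name Thunderbird 133 in their descriptions, but after this change the entries still carry only firefox (and, for two of them, firefox-esr) lines. Add a thunderbird line to each, for example `- thunderbird <unfixed>`, or a TODO, so that package is not overlooked once firefox reads as fixed.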
@@ -10770,10 +10770,10 @@ CVE-2024-11708 (Missing thread synchronization primitives could have led to a da
- firefox 133.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11708
CVE-2024-11706 (A null pointer dereference may have inadvertently occurred in `pk12uti ...)
- - firefox <unfixed>
+ - firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11706
CVE-2024-11705 (`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is al ...)
- - firefox <unfixed>
+ - firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11705
CVE-2024-11698 (A flaw in handling fullscreen transitions may have inadvertently cause ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
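Review bot: The fixed version recorded for CVE-2024-11706 and CVE-2024-11705 does not match the rest of mfsa2024-63. The context line for CVE-2024-11708, which cites the same advisory, records `- firefox 133.0-1`, while these two entries go from `<unfixed>` straight to `134.0-1`. If 134.0-1 is only the upload at which the status was confirmed, add a NOTE saying so, so that the version is not read as the first fixed one; otherwise record 133.0-1.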
@@ -10783,7 +10783,7 @@ CVE-2024-11698 (A flaw in handling fullscreen transitions may have inadvertently
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11698
CVE-2024-11704 (A double-free issue could have occurred in `sec_pkcs7_decoder_start_de ...)
- - firefox <unfixed>
+ - firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11704
CVE-2024-11697 (When handling keypress events, an attacker may have been able to trick ...)
{DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
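Review bot: CVE-2024-11704 is described as a double-free in `sec_pkcs7_decoder_start_de ...`, which is NSS code, yet the entry tracks only firefox and now marks it fixed in 134.0-1. State in a NOTE whether the firefox package is affected through a bundled copy of the library, and add an nss line if the system library carries the same code.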
@@ -10802,7 +10802,7 @@ CVE-2024-11696 (The application failed to account for exceptions thrown by the `
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11696
CVE-2024-11703 (On Android, Firefox may have inadvertently allowed viewing saved passw ...)
- - firefox <unfixed>
+ - firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11703
CVE-2024-11695 (A crafted URL containing Arabic script and whitespace characters could ...)
{DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
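Review bot: The description of CVE-2024-11703 opens with "On Android", so `- firefox 134.0-1` records a fix for a package that looks never to have been affected. The macOS-only entries in this file use the form `- firefox <not-affected> (Only affects Firefox on MacOS)`; the same form with an Android reason would fit here better than a version number.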
@@ -10828,7 +10828,7 @@ CVE-2024-11693 (The executable file warning was not presented when downloading .
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11693
CVE-2024-11702 (Copying sensitive information from Private Browsing tabs on Android, s ...)
- - firefox <unfixed>
+ - firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11702
CVE-2024-11701 (The incorrect domain may have been displayed in the address bar during ...)
- firefox 133.0-1
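Review bot: CVE-2024-11702 concerns Private Browsing tabs "on Android" according to its description, but the entry is changed to `- firefox 134.0-1` as if the Debian package had carried the bug. Use `<not-affected>` with a parenthesised reason instead, or add a NOTE explaining why the desktop build is affected.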
@@ -10842,7 +10842,7 @@ CVE-2024-11692 (An attacker could cause a select dropdown to be shown over anoth
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11692
CVE-2024-11700 (Malicious websites may have been able to perform user intent confirmat ...)
- - firefox <unfixed>
+ - firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11700
CVE-2024-11691 (Certain WebGL operations on Apple silicon M series devices could have ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25bc883a4ff79ebffe4271177e7c2cbc30db954d