[Git][security-tracker-team/security-tracker][master] Track firefox issues fixed via unstable (for mfsa2025-51)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 25 07:11:15 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64d2554f by Salvatore Bonaccorso at 2025-06-25T08:10:32+02:00
Track firefox issues fixed via unstable (for mfsa2025-51)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -200,30 +200,30 @@ CVE-2024-56916 (In Netbox Community 4.1.7, once authenticated, Configuration His
 CVE-2024-37743 (An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to ex ...)
 	TODO: check
 CVE-2025-6436 (Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6436
 CVE-2025-6435 (If a user saved a response from the Network tab in Devtools using the  ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6435
 CVE-2025-6434 (The exception page for the HTTPS-Only feature, displayed when a websit ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6434
 CVE-2025-6433 (If a user visited a webpage with an invalid TLS certificate, and grant ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6433
 CVE-2025-6432 (When Multi-Account Containers was enabled, DNS requests could have byp ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6432
 CVE-2025-6431 (When a link can be opened in an external application, Firefox for Andr ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6431
 CVE-2025-6430 (When a file download is specified via the `Content-Disposition` header ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6430
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6430
 CVE-2025-6429 (Firefox could have incorrectly parsed a URL and rewritten it to the yo ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6429
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6429
@@ -231,7 +231,7 @@ CVE-2025-6428 (When a URL was provided in a link querystring parameter, Firefox
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6428
 CVE-2025-6427 (An attacker was able to bypass the `connect-src` directive of a Conten ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6427
 CVE-2025-6426 (The executable file warning did not warn users before opening files wi ...)
 	- firefox <not-affected> (MacOS-specific)
@@ -239,12 +239,12 @@ CVE-2025-6426 (The executable file warning did not warn users before opening fil
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6426
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6426
 CVE-2025-6425 (An attacker who enumerated resources from the WebCompat extension coul ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6425
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6425
 CVE-2025-6424 (A use-after-free in FontFaceSet resulted in a potentially exploitable  ...)
-	- firefox <unfixed>
+	- firefox 140.0-1
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6424
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6424



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64d2554f6ed8dd4a4b101f1c3e14670ae4c71e2e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64d2554f6ed8dd4a4b101f1c3e14670ae4c71e2e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250625/3908254d/attachment.htm>

More information about the debian-security-tracker-commits mailing list