[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2026-22
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 24 19:21:50 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b10a4de6 by Salvatore Bonaccorso at 2026-03-24T20:21:12+01:00
Add firefox-esr issues from mfsa2026-22
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,18 +1,26 @@
CVE-2026-4721
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4721
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4721
CVE-2026-4729
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
CVE-2026-4720
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4720
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
CVE-2026-4719
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4719
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
CVE-2026-4718
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4718
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4718
CVE-2026-4728
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4728
@@ -24,49 +32,77 @@ CVE-2026-4726
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
CVE-2026-4717
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4717
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
CVE-2026-4716
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4716
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
CVE-2026-4715
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4715
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
CVE-2026-4714
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4714
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
CVE-2026-4713
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4713
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4713
CVE-2026-4712
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4712
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4712
CVE-2026-4725
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4725
CVE-2026-4711
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4711
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
CVE-2026-4710
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4710
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
CVE-2026-4709
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4709
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
CVE-2026-4708
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4708
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
CVE-2026-4707
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4707
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
CVE-2026-4706
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4706
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
CVE-2026-4705
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4705
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
CVE-2026-4704
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4704
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4704
CVE-2026-4724
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4724
@@ -75,64 +111,102 @@ CVE-2026-4723
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
CVE-2026-4702
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4702
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4702
CVE-2026-4722
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
CVE-2026-4701
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4701
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
CVE-2026-4700
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4700
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
CVE-2026-4699
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4699
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
CVE-2026-4698
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4698
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
CVE-2026-4697
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4697
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
CVE-2026-4696
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4696
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
CVE-2026-4695
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4695
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
CVE-2026-4694
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4694
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
CVE-2026-4693
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4693
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
CVE-2026-4692
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4692
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
CVE-2026-4691
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4691
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
CVE-2026-4690
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4690
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
CVE-2026-4689
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4689
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
CVE-2026-4688
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4688
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
CVE-2026-4687
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4687
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
CVE-2026-4686
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4686
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
CVE-2026-4685
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4685
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
CVE-2026-4684
- firefox <unfixed>
+ - firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4684
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4684
CVE-2026-4756 (Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick ...)
NOT-FOR-US: Android-ImageMagick7 (not associating it with src:imagemagick)
CVE-2026-4755 (CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue ...)
@@ -76563,6 +76637,7 @@ CVE-2025-59378 (In guix-daemon in GNU Guix before 1618ca7, a content-addressed-m
NOTE: Fixed by: https://codeberg.org/guix/guix/commit/9202921e812708b23788b2209cdb576d456f56db
CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger large dynam ...)
- firefox <unfixed>
+ - firefox-esr <unfixed>
- expat 2.7.2-1 (bug #1115298)
[trixie] - expat <no-dsa> (Minor issue)
[bookworm] - expat <ignored> (Minor issue)
@@ -76593,6 +76668,7 @@ CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger large
NOTE: Not a vulnerability per se, but rather a hardening and continuation of
NOTE: the billion laughs attack feature work (cf. CVE-2013-0340)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2025-59375
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2025-59375
CVE-2025-59364 (The express-xss-sanitizer (aka Express XSS Sanitizer) package through ...)
NOT-FOR-US: Node express-xss-sanitizer
CVE-2025-41713 (During a short time frame while the device is booting an unauthenticat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b10a4de659efaeab1e9436006d05ecd3e71e7f92
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b10a4de659efaeab1e9436006d05ecd3e71e7f92
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260324/2840da35/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list