[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 25 14:03:21 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
377b8313 by Salvatore Bonaccorso at 2026-03-25T15:02:26+01:00
Track fixed version for firefox-esr issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1035,7 +1035,7 @@ CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow vulnera
TODO: check
CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, T ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4721
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4721
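Review bot: In the CVE-2026-4721 entry the truncated description names Firefox ESR 115.33 as well as ESR 140.8, but the new line records only 140.9.0esr-1. That is correct for the unstable line as long as no supported suite still ships a 115-based firefox-esr; if one does, it needs its own suite-tagged line or advisory reference rather than inheriting this version. The firefox and thunderbird lines stay <unfixed>, so the entry remains open until those uploads are tracked as well.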
@@ -1045,21 +1045,21 @@ CVE-2026-4729 (Memory safety bugs present in Firefox 148 and Thunderbird 148. So
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8 ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4720
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4720
CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component. This vu ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4719
CVE-2026-4718 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4718
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4718
@@ -1075,42 +1075,42 @@ CVE-2026-4726 (Denial-of-service in the XML component. This vulnerability affect
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
CVE-2026-4717 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4717
CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the JavaScript ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4716
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4716
CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This vulnera ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4715
CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4714
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4714
CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4713
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4713
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4713
CVE-2026-4712 (Information disclosure in the Widget: Cocoa component. This vulnerabil ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4712
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4712
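Review bot: CVE-2026-4712, the last entry in this hunk, is described as an information disclosure in the Widget: Cocoa component, which is the macOS widget backend, yet its firefox-esr line gets the same fixed version as its neighbours. The description here is truncated, so check the full advisory text; if the bug is confined to macOS code, "- firefox-esr <not-affected>" with a short reason is more accurate than 140.9.0esr-1 and keeps the tracker from reporting earlier Debian versions as vulnerable.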
@@ -1120,56 +1120,56 @@ CVE-2026-4725 (Sandbox escape due to use-after-free in the Graphics: Canvas2D co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4725
CVE-2026-4711 (Use-after-free in the Widget: Cocoa component. This vulnerability affe ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4711
CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4710
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4710
CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP component. This ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4709
CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4708
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4708
CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4707
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4707
CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4706
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4706
CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4705
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4705
CVE-2026-4704 (Denial-of-service in the WebRTC: Signaling component. This vulnerabili ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4704
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4704
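Review bot: CVE-2026-4711 at the top of this hunk names the Widget: Cocoa component, which is macOS-specific widget code, so a fixed version may not be the right status for the Debian package. Confirm from the full advisory whether Linux builds contain the affected code before recording 140.9.0esr-1; if they do not, <not-affected> describes firefox-esr better than a fixed version.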
@@ -1182,7 +1182,7 @@ CVE-2026-4723 (Use-after-free in the JavaScript Engine component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
CVE-2026-4702 (JIT miscompilation in the JavaScript Engine component. This vulnerabil ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4702
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4702
@@ -1192,126 +1192,126 @@ CVE-2026-4722 (Privilege escalation in the IPC component. This vulnerability aff
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This vulnerability ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4701
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4701
CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This vulnerabilit ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4700
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4700
CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts component. ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4699
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4699
CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4698
CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4697
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4697
CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This vulnerabi ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4696
CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4695
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4695
CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics compon ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4694
CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback component. ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4693
CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This vulnerabi ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4692
CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component. This vuln ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4691
CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4690
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4690
CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4689
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4689
CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4688
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4688
CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the Telemetry c ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4687
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4687
CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4686
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4686
CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4685
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4685
CVE-2026-4684 (Race condition, use-after-free in the Graphics: WebRender component. T ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4684
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4684
@@ -77774,7 +77774,7 @@ CVE-2025-59378 (In guix-daemon in GNU Guix before 1618ca7, a content-addressed-m
NOTE: Fixed by: https://codeberg.org/guix/guix/commit/9202921e812708b23788b2209cdb576d456f56db
CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger large dynam ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 140.9.0esr-1
- thunderbird <unfixed>
- expat 2.7.2-1 (bug #1115298)
[trixie] - expat <no-dsa> (Minor issue)
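Review bot: For CVE-2025-59375 the visible context shows no NOTE tying the firefox-esr fix to a Mozilla advisory, whereas every entry changed in the other hunks cites mfsa2026-20 and mfsa2026-22. Since this is a libexpat issue tracked against firefox-esr, a NOTE naming the advisory or upstream change that brought the fix into 140.9.0esr-1 would let a later reader verify the version. The expat line already cites bug #1115298 for its own fix.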
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/377b831325708312c0b02dacf6938e72d4394b16