[Git][security-tracker-team/security-tracker][master] Mark two CVEs as not-affected for firefox/thunderbird issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 25 14:41:48 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af3cbf79 by Salvatore Bonaccorso at 2026-03-25T15:41:17+01:00
Mark two CVEs as not-affected for firefox/thunderbird issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1109,9 +1109,9 @@ CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This vul
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4713
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4713
 CVE-2026-4712 (Information disclosure in the Widget: Cocoa component. This vulnerabil ...)
-	- firefox <unfixed>
-	- firefox-esr 140.9.0esr-1
-	- thunderbird <unfixed>
+	- firefox <not-affected> (Only affects Firefox on MacOS)
+	- firefox-esr <not-affected> (Only affects Firefox ESR on MacOS)
+	- thunderbird <not-affected> (Only affects Thunderbird on MacOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4712
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4712
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4712
@@ -1119,9 +1119,9 @@ CVE-2026-4725 (Sandbox escape due to use-after-free in the Graphics: Canvas2D co
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4725
 CVE-2026-4711 (Use-after-free in the Widget: Cocoa component. This vulnerability affe ...)
-	- firefox <unfixed>
-	- firefox-esr 140.9.0esr-1
-	- thunderbird <unfixed>
+	- firefox <not-affected> (Only affects Firefox on MacOS)
+	- firefox-esr <not-affected> (Only affects Firefox ESR on MacOS)
+	- thunderbird <not-affected> (Only affects Thunderbird on MacOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4711
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4711



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af3cbf79cb4c3ccd4675efdd72d773422b96ce12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af3cbf79cb4c3ccd4675efdd72d773422b96ce12
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260325/5a2617b7/attachment.htm>

More information about the debian-security-tracker-commits mailing list