[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2026-48

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2c1a567 by Salvatore Bonaccorso at 2026-05-19T20:58:04+02:00
Add firefox-esr issues from mfsa2026-48

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,13 @@
 CVE-2026-8975
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8975
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
 CVE-2026-8974
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8974
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8974
 CVE-2026-8973
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8973
@@ -15,13 +19,17 @@ CVE-2026-8971
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8971
 CVE-2026-8970
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8970
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8970
 CVE-2026-8969
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8969
 CVE-2026-8968
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8968
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8968
 CVE-2026-8967
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8967
@@ -39,34 +47,52 @@ CVE-2026-8963
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8963
 CVE-2026-8962
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8962
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
 CVE-2026-8961
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8961
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8961
 CVE-2026-8960
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8960
 CVE-2026-8959
 	- firefox <not-affected> (Only affects Firefox on Windows)
+	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8959
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8959
 CVE-2026-8958
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8958
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
 CVE-2026-8957
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8957
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
 CVE-2026-8956
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8956
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
 CVE-2026-8955
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8955
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
 CVE-2026-8954
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8954
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
 CVE-2026-8953
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8953
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8953
 CVE-2026-8952
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8952
@@ -75,19 +101,27 @@ CVE-2026-8951
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8951
 CVE-2026-8950
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8950
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8950
 CVE-2026-8949
 	- firefox <not-affected> (Only affects Firefox on Windows)
+	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8949
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8949
 CVE-2026-8948
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8948
 CVE-2026-8947
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8947
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
 CVE-2026-8946
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8946
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8946
 CVE-2026-8945
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8945
@@ -3316,10 +3350,14 @@ CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server all
 	NOT-FOR-US: Devolutions
 CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerability was ...)
 	- firefox 150.0.3-1
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8401
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8401
 CVE-2026-8391 (Other issue in the JavaScript Engine component. This vulnerability was ...)
 	- firefox 150.0.3-1
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8391
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8391
 CVE-2026-8390 (Use-after-free in the JavaScript: WebAssembly component. This vulnerab ...)
 	- firefox 150.0.3-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8390
@@ -3328,7 +3366,9 @@ CVE-2026-8389 (JIT miscompilation in the JavaScript Engine: JIT component. This
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8389
 CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT component. ...)
 	- firefox 150.0.3-1
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8388
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8388
 CVE-2026-8368 (LWP::UserAgent versions before 6.83 for Perl leak Authorization and Pr ...)
 	- libwww-perl 6.83-1 (bug #1136449)
 	[trixie] - libwww-perl <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2c1a5676912248c455207049cc1cdcdca53751e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2c1a5676912248c455207049cc1cdcdca53751e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260519/5b1f4939/attachment.htm>