[Git][security-tracker-team/security-tracker][master] firefox fixed in sid

Moritz Muehlenhoff (@jmm) Wed, 08 Jan 2025 02:08:28 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
25bc883a by Moritz Muehlenhoff at 2025-01-08T11:07:58+01:00
firefox fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -572,40 +572,40 @@ CVE-2024-11826 (The Quill Forms | The Best Typeform 
Alternative | Create Convers
 CVE-2024-11681 (A malicious or compromised MacPorts mirror can execute 
arbitrary comma ...)
        TODO: check
 CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. 
Some of ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
 CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, 
Firefox ES ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
 CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, 
Firefox ES ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0242
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
 CVE-2025-0241 (When segmenting specially crafted text, segmentation would 
corrupt mem ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
 CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some 
circumstances, c ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
 CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates 
when t ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
 CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker 
could have ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
 CVE-2025-0237 (The WebChannel API, which is used to transport various 
information acr ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0237
@@ -10770,10 +10770,10 @@ CVE-2024-11708 (Missing thread synchronization 
primitives could have led to a da
        - firefox 133.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11708
 CVE-2024-11706 (A null pointer dereference may have inadvertently occurred in 
`pk12uti ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11706
 CVE-2024-11705 (`NSC_DeriveKey` inadvertently assumed that the `phKey` 
parameter is al ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11705
 CVE-2024-11698 (A flaw in handling fullscreen transitions may have 
inadvertently cause ...)
        - firefox <not-affected> (Only affects Firefox on MacOS)
@@ -10783,7 +10783,7 @@ CVE-2024-11698 (A flaw in handling fullscreen 
transitions may have inadvertently
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11698
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11698
 CVE-2024-11704 (A double-free issue could have occurred in 
`sec_pkcs7_decoder_start_de ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11704
 CVE-2024-11697 (When handling keypress events, an attacker may have been able 
to trick ...)
        {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
@@ -10802,7 +10802,7 @@ CVE-2024-11696 (The application failed to account for 
exceptions thrown by the `
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11696
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11696
 CVE-2024-11703 (On Android, Firefox may have inadvertently allowed viewing 
saved passw ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11703
 CVE-2024-11695 (A crafted URL containing Arabic script and whitespace 
characters could ...)
        {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
@@ -10828,7 +10828,7 @@ CVE-2024-11693 (The executable file warning was not 
presented when downloading .
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11693
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11693
 CVE-2024-11702 (Copying sensitive information from Private Browsing tabs on 
Android, s ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11702
 CVE-2024-11701 (The incorrect domain may have been displayed in the address 
bar during ...)
        - firefox 133.0-1
@@ -10842,7 +10842,7 @@ CVE-2024-11692 (An attacker could cause a select 
dropdown to be shown over anoth
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11692
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11692
 CVE-2024-11700 (Malicious websites may have been able to perform user intent 
confirmat ...)
-       - firefox <unfixed>
+       - firefox 134.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11700
 CVE-2024-11691 (Certain WebGL operations on Apple silicon M series devices 
could have  ...)
        - firefox <not-affected> (Only affects Firefox on MacOS)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25bc883a4ff79ebffe4271177e7c2cbc30db954d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25bc883a4ff79ebffe4271177e7c2cbc30db954d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] firefox fixed in sid

Reply via email to