Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d4183943 by Moritz Mühlenhoff at 2025-04-30T10:41:33+02:00
firefox fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -154,10 +154,10 @@ CVE-2025-4093 (Memory safety bug present in Firefox ESR
128.9, and Thunderbird 1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4093
CVE-2025-4092 (Memory safety bugs present in Firefox 137 and Thunderbird 137.
Some of ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4092
CVE-2025-4091 (Memory safety bugs present in Firefox 137, Thunderbird 137,
Firefox ES ...)
- - firefox <unfixed>
+ - firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4091
@@ -167,13 +167,13 @@ CVE-2025-4090 (A vulnerability existed in Firefox for
Android where potentially
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4090
CVE-2025-4089 (Due to insufficient escaping of special characters in the "copy
as cUR ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4089
CVE-2025-4088 (A security vulnerability in Firefox allowed malicious sites to
use red ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4088
CVE-2025-4087 (A vulnerability was identified in Firefox where XPath parsing
could tr ...)
- - firefox <unfixed>
+ - firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4087
@@ -183,7 +183,7 @@ CVE-2025-4086 (A specially crafted filename containing a
large number of encoded
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4086
CVE-2025-4085 (An attacker with control over a content process could
potentially leve ...)
- - firefox <unfixed>
+ - firefox 138.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4085
CVE-2025-4084 (Due to insufficient escaping of the special characters in the
"copy as ...)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
@@ -191,7 +191,7 @@ CVE-2025-4084 (Due to insufficient escaping of the special
characters in the "co
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4084
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4084
CVE-2025-4083 (A process isolation vulnerability in Firefox stemmed from
improper han ...)
- - firefox <unfixed>
+ - firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4083
@@ -17792,7 +17792,7 @@ CVE-2025-1942 (When String.toUpperCase() caused a
string to get longer it was po
- firefox 136.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1942
CVE-2025-1941 (Under certain circumstances, a user opt-in setting that Focus
should r ...)
- - firefox <unfixed>
+ - firefox <not-affected> (Only affects Firefox Focus on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout
and ru ...)
{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4183943eaa46e2cf2cd188502c04c902fea31e4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4183943eaa46e2cf2cd188502c04c902fea31e4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
