[Git][security-tracker-team/security-tracker][master] Track firefox issues fixed via unstable (for mfsa2025-51)

Salvatore Bonaccorso (@carnil) Tue, 24 Jun 2025 23:21:53 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
64d2554f by Salvatore Bonaccorso at 2025-06-25T08:10:32+02:00
Track firefox issues fixed via unstable (for mfsa2025-51)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -200,30 +200,30 @@ CVE-2024-56916 (In Netbox Community 4.1.7, once 
authenticated, Configuration His
 CVE-2024-37743 (An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote 
attacker to ex ...)
        TODO: check
 CVE-2025-6436 (Memory safety bugs present in Firefox 139 and Thunderbird 139. 
Some of ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6436
 CVE-2025-6435 (If a user saved a response from the Network tab in Devtools 
using the  ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6435
 CVE-2025-6434 (The exception page for the HTTPS-Only feature, displayed when a 
websit ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6434
 CVE-2025-6433 (If a user visited a webpage with an invalid TLS certificate, 
and grant ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6433
 CVE-2025-6432 (When Multi-Account Containers was enabled, DNS requests could 
have byp ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6432
 CVE-2025-6431 (When a link can be opened in an external application, Firefox 
for Andr ...)
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6431
 CVE-2025-6430 (When a file download is specified via the `Content-Disposition` 
header ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6430
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6430
 CVE-2025-6429 (Firefox could have incorrectly parsed a URL and rewritten it to 
the yo ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6429
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6429
@@ -231,7 +231,7 @@ CVE-2025-6428 (When a URL was provided in a link 
querystring parameter, Firefox
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6428
 CVE-2025-6427 (An attacker was able to bypass the `connect-src` directive of a 
Conten ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6427
 CVE-2025-6426 (The executable file warning did not warn users before opening 
files wi ...)
        - firefox <not-affected> (MacOS-specific)
@@ -239,12 +239,12 @@ CVE-2025-6426 (The executable file warning did not warn 
users before opening fil
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6426
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6426
 CVE-2025-6425 (An attacker who enumerated resources from the WebCompat 
extension coul ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6425
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6425
 CVE-2025-6424 (A use-after-free in FontFaceSet resulted in a potentially 
exploitable  ...)
-       - firefox <unfixed>
+       - firefox 140.0-1
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6424
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6424



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64d2554f6ed8dd4a4b101f1c3e14670ae4c71e2e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64d2554f6ed8dd4a4b101f1c3e14670ae4c71e2e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track firefox issues fixed via unstable (for mfsa2025-51)

Reply via email to