[Git][security-tracker-team/security-tracker][master] Track firefox-esr issues fixed via unstable for mfsa2026-03

Salvatore Bonaccorso (@carnil) Wed, 14 Jan 2026 04:32:44 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5f1ef1d4 by Salvatore Bonaccorso at 2026-01-14T06:55:04+01:00
Track firefox-esr issues fixed via unstable for mfsa2026-03

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -784,12 +784,12 @@ CVE-2026-0892 (Memory safety bugs present in Firefox 146 
and Thunderbird 146. So
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0892
 CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird 
ESR 140.6 ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0891
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0891
 CVE-2026-0890 (Spoofing issue in the DOM: Copy & Paste and Drag & Drop 
component. Thi ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0890
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0890
 CVE-2026-0889 (Denial-of-service in the DOM: Service Workers component. This 
vulnerab ...)
@@ -800,32 +800,32 @@ CVE-2026-0888 (Information disclosure in the XML 
component. This vulnerability a
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0888
 CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer 
component ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0887
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0887
 CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This 
vulnerab ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0886
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0886
 CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This 
vulnerability aff ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0885
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0885
 CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This 
vulnerability  ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0884
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0884
 CVE-2026-0883 (Information disclosure in the Networking component. This 
vulnerability ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0883
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0883
 CVE-2026-0882 (Use-after-free in the IPC component. This vulnerability affects 
Firefo ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0882
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0882
 CVE-2026-0881 (Sandbox escape in the Messaging System component. This 
vulnerability a ...)
@@ -833,22 +833,22 @@ CVE-2026-0881 (Sandbox escape in the Messaging System 
component. This vulnerabil
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0881
 CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics 
component. This ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0880
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0880
 CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the 
Graphics co ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0879
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0879
 CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the 
Graphics: C ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0878
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0878
 CVE-2026-0877 (Mitigation bypass in the DOM: Security component. This 
vulnerability a ...)
        - firefox 147.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0877
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0877
 CVE-2026-22837
@@ -16374,7 +16374,7 @@ CVE-2025-14328 (Privilege escalation in the Netmonitor 
component. This vulnerabi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14328
 CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This 
vulnerability af ...)
        - firefox 146.0-1
-       - firefox-esr <unfixed>
+       - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14327
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2025-14327
 CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This 
vulnerability a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f1ef1d4ec8d7f9199c467dae0ff5127dbd9cbea

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f1ef1d4ec8d7f9199c467dae0ff5127dbd9cbea
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track firefox-esr issues fixed via unstable for mfsa2026-03

Reply via email to