Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8eeb5a7c by Salvatore Bonaccorso at 2026-02-26T05:47:52+01:00
Track fixes for firefox for mfsa2026-13 issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -645,100 +645,100 @@ CVE-2024-1524 (When the "Silent Just-In-Time
Provisioning" feature is enabled fo
NOT-FOR-US: WSO2
CVE-2026-2793 (Memory safety bugs present in Firefox ESR 115.32, Firefox ESR
140.7, T ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2793
CVE-2026-2792 (Memory safety bugs present in Firefox ESR 140.7, Thunderbird
ESR 140.7 ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2792
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2792
CVE-2026-2807 (Memory safety bugs present in Firefox 147 and Thunderbird 147.
Some of ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2807
CVE-2026-2791 (Mitigation bypass in the Networking: Cache component. This
vulnerabili ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2791
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2791
CVE-2026-2790 (Same-origin policy bypass in the Networking: JAR component.
This vulne ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2790
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2790
CVE-2026-2806 (Uninitialized memory in the Graphics: Text component. This
vulnerabili ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2806
CVE-2026-2789 (Use-after-free in the Graphics: ImageLib component. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2789
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2789
CVE-2026-2788 (Incorrect boundary conditions in the Audio/Video: GMP
component. This ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2788
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2788
CVE-2026-2787 (Use-after-free in the DOM: Window and Location component. This
vulnera ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2787
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2787
CVE-2026-2805 (Invalid pointer in the DOM: Core & HTML component. This
vulnerability ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2805
CVE-2026-2786 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2786
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2786
CVE-2026-2804 (Use-after-free in the JavaScript: WebAssembly component. This
vulnerab ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2804
CVE-2026-2785 (Invalid pointer in the JavaScript Engine component. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2785
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2785
CVE-2026-2784 (Mitigation bypass in the DOM: Security component. This
vulnerability a ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2784
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2784
CVE-2026-2803 (Information disclosure, mitigation bypass in the Settings UI
component ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2803
CVE-2026-2802 (Race condition in the JavaScript: GC component. This
vulnerability aff ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2802
CVE-2026-2783 (Information disclosure due to JIT miscompilation in the
JavaScript Eng ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2783
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2783
CVE-2026-2782 (Privilege escalation in the Netmonitor component. This
vulnerability a ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2782
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2782
CVE-2026-2801 (Incorrect boundary conditions in the JavaScript: WebAssembly
component ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2801
CVE-2026-2781 (Integer overflow in the Libraries component in NSS. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
- nss 2:3.121-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2781
@@ -747,7 +747,7 @@ CVE-2026-2781 (Integer overflow in the Libraries component
in NSS. This vulnerab
NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/245385e16fa6
CVE-2026-2780 (Privilege escalation in the Netmonitor component. This
vulnerability a ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2780
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2780
@@ -756,19 +756,19 @@ CVE-2026-2800 (Spoofing issue in the WebAuthn component
in Firefox for Android.
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2800
CVE-2026-2779 (Incorrect boundary conditions in the Networking: JAR component.
This v ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2779
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2779
CVE-2026-2778 (Sandbox escape due to incorrect boundary conditions in the DOM:
Core & ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2778
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2778
CVE-2026-2777 (Privilege escalation in the Messaging System component. This
vulnerabi ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2777
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2777
@@ -779,124 +779,124 @@ CVE-2026-2776 (Sandbox escape due to incorrect boundary
conditions in the Teleme
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2776
CVE-2026-2775 (Mitigation bypass in the DOM: HTML Parser component. This
vulnerabilit ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2775
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2775
CVE-2026-2774 (Integer overflow in the Audio/Video component. This
vulnerability affe ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2774
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2774
CVE-2026-2773 (Incorrect boundary conditions in the Web Audio component. This
vulnera ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2773
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2773
CVE-2026-2772 (Use-after-free in the Audio/Video: Playback component. This
vulnerabil ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2772
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2772
CVE-2026-2771 (Undefined behavior in the DOM: Core & HTML component. This
vulnerabili ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2771
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2771
CVE-2026-2770 (Use-after-free in the DOM: Bindings (WebIDL) component. This
vulnerabi ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2770
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2770
CVE-2026-2799 (Use-after-free in the DOM: Core & HTML component. This
vulnerability a ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2799
CVE-2026-2769 (Use-after-free in the Storage: IndexedDB component. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2769
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2769
CVE-2026-2798 (Use-after-free in the DOM: Core & HTML component. This
vulnerability a ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2798
CVE-2026-2768 (Sandbox escape in the Storage: IndexedDB component. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2768
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2768
CVE-2026-2767 (Use-after-free in the JavaScript: WebAssembly component. This
vulnerab ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2767
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2767
CVE-2026-2766 (Use-after-free in the JavaScript Engine: JIT component. This
vulnerabi ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2766
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2766
CVE-2026-2765 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2765
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2765
CVE-2026-2797 (Use-after-free in the JavaScript: GC component. This
vulnerability aff ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2797
CVE-2026-2796 (JIT miscompilation in the JavaScript: WebAssembly component.
This vuln ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2796
CVE-2026-2764 (JIT miscompilation, use-after-free in the JavaScript Engine:
JIT compo ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2764
CVE-2026-2763 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2763
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2763
CVE-2026-2762 (Integer overflow in the JavaScript: Standard Library component.
This v ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2762
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2762
CVE-2026-2761 (Sandbox escape in the Graphics: WebRender component. This
vulnerabilit ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2761
CVE-2026-2760 (Sandbox escape due to incorrect boundary conditions in the
Graphics: W ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2760
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2760
CVE-2026-2795 (Use-after-free in the JavaScript: GC component. This
vulnerability aff ...)
- - firefox <unfixed>
+ - firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2795
CVE-2026-2759 (Incorrect boundary conditions in the Graphics: ImageLib
component. Thi ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2759
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2759
CVE-2026-2758 (Use-after-free in the JavaScript: GC component. This
vulnerability aff ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2758
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2758
@@ -905,7 +905,7 @@ CVE-2026-2794 (Information disclosure due to uninitialized
memory in Firefox and
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2794
CVE-2026-2757 (Incorrect boundary conditions in the WebRTC: Audio/Video
component. Th ...)
{DSA-6148-1}
- - firefox <unfixed>
+ - firefox 148.0-1
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2757
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2757
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8eeb5a7ce6c0547165d5505c8d8754bac3c5b8b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8eeb5a7ce6c0547165d5505c8d8754bac3c5b8b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
