[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2026-22

Salvatore Bonaccorso (@carnil) Tue, 24 Mar 2026 12:22:02 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b10a4de6 by Salvatore Bonaccorso at 2026-03-24T20:21:12+01:00
Add firefox-esr issues from mfsa2026-22

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,26 @@
 CVE-2026-4721
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4721
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4721
 CVE-2026-4729
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
 CVE-2026-4720
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4720
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
 CVE-2026-4719
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4719
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
 CVE-2026-4718
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4718
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4718
 CVE-2026-4728
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4728
@@ -24,49 +32,77 @@ CVE-2026-4726
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
 CVE-2026-4717
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4717
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
 CVE-2026-4716
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4716
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
 CVE-2026-4715
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4715
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
 CVE-2026-4714
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4714
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
 CVE-2026-4713
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4713
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4713
 CVE-2026-4712
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4712
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4712
 CVE-2026-4725
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4725
 CVE-2026-4711
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4711
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
 CVE-2026-4710
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4710
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
 CVE-2026-4709
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4709
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
 CVE-2026-4708
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4708
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
 CVE-2026-4707
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4707
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
 CVE-2026-4706
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4706
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
 CVE-2026-4705
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4705
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
 CVE-2026-4704
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4704
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4704
 CVE-2026-4724
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4724
@@ -75,64 +111,102 @@ CVE-2026-4723
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
 CVE-2026-4702
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4702
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4702
 CVE-2026-4722
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
 CVE-2026-4701
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4701
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
 CVE-2026-4700
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4700
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
 CVE-2026-4699
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4699
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
 CVE-2026-4698
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4698
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
 CVE-2026-4697
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4697
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
 CVE-2026-4696
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4696
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
 CVE-2026-4695
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4695
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
 CVE-2026-4694
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4694
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
 CVE-2026-4693
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4693
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
 CVE-2026-4692
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4692
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
 CVE-2026-4691
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4691
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
 CVE-2026-4690
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4690
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
 CVE-2026-4689
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4689
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
 CVE-2026-4688
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4688
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
 CVE-2026-4687
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4687
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
 CVE-2026-4686
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4686
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
 CVE-2026-4685
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4685
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
 CVE-2026-4684
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4684
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4684
 CVE-2026-4756 (Out-of-bounds Write vulnerability in MolotovCherry 
Android-ImageMagick ...)
        NOT-FOR-US: Android-ImageMagick7 (not associating it with 
src:imagemagick)
 CVE-2026-4755 (CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This 
issue  ...)
@@ -76563,6 +76637,7 @@ CVE-2025-59378 (In guix-daemon in GNU Guix before 
1618ca7, a content-addressed-m
        NOTE: Fixed by: 
https://codeberg.org/guix/guix/commit/9202921e812708b23788b2209cdb576d456f56db
 CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger 
large dynam ...)
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        - expat 2.7.2-1 (bug #1115298)
        [trixie] - expat <no-dsa> (Minor issue)
        [bookworm] - expat <ignored> (Minor issue)
@@ -76593,6 +76668,7 @@ CVE-2025-59375 (libexpat in Expat before 2.7.2 allows 
attackers to trigger large
        NOTE: Not a vulnerability per se, but rather a hardening and 
continuation of
        NOTE: the billion laughs attack feature work (cf. CVE-2013-0340)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2025-59375
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2025-59375
 CVE-2025-59364 (The express-xss-sanitizer (aka Express XSS Sanitizer) package 
through  ...)
        NOT-FOR-US: Node express-xss-sanitizer
 CVE-2025-41713 (During a short time frame while the device is booting an 
unauthenticat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b10a4de659efaeab1e9436006d05ecd3e71e7f92

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b10a4de659efaeab1e9436006d05ecd3e71e7f92
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2026-22

Reply via email to