Debian alert DLA-4305-1 (firefox-esr)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 4305-1] firefox-esr security update | |
| Date: | Fri, 19 Sep 2025 12:37:06 +0200 | |
| Message-ID: | <20250919103706.EC9CB5F000A6@kamino> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4305-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 19, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : firefox-esr Version : 140.3.0esr-1~deb11u2 CVE ID : CVE-2025-10527 CVE-2025-10528 CVE-2025-10529 CVE-2025-10532 CVE-2025-10533 CVE-2025-10536 CVE-2025-10537 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or bypass of the same-origin policy. Debian follows the extended support releases (ESR) of Firefox. So starting with this update we're now following the 140.x releases. Between 128.x and 140.x, Firefox has seen a number of feature updates. For more information please refer to https://www.firefox.com/en-US/firefox/140.0esr/releasenotes/ For Debian 11 bullseye, these problems have been fixed in version 140.3.0esr-1~deb11u2. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmjNMlAACgkQnUbEiOQ2 gwLXZA/+L/UeaUNkzOpHTUnIK3FutEiISIRW1yPkzUCicoIO/Wtp7Q+JUnb+YwOY SxKLqfVoq/Qt9r/K0hrqESmzL3UPq1XMkZTZ0zpeePxfmOwWc/ENaAJor7okoN1T ++oqG2Y1Ir7aESLCI3zbmQ53JLL1PMhU9nXS3VgzTyLKpmEwmyFqntMvdcFV0hpg 8Ri8svXBSQStENS4yTGiQB2tGpG3sRQ8UGm7iqgqmu7mu2IyC6nEy+3ZBkTsGmMj OHd5JOFdp+ksd3SQOHSyL0n0cawWytjgrWrtn/RNrK5TOy/w3qcAcGNY5IKUWkn3 YdwJoxOWIl0EYau2U4iq2k0kanhJX51HkDjwJERMT40QXiFpQc9YeSW+1Bpjfyid SaZyStX2ZkX2QD3oSVteKlWq/asfHaZMaFGl4gJ5BOTLI05TBkR0BQAy7n+dyhLj lF4K+kzGHc9DpBKH/mEH5Xez5NXQNEost6kVt4AK658PmVeJF3qQMuurY0gghron 1slqkQS/ClruvqHDO4gS5hqq6ibWLIbWb7WKwK2/ikHFvuYFvWlxjKKw2TP/EGSg rjlE5xKySfOIwTvn+OsBdpqWHxkYE0V3/6NyAjZssetHRkZHJYFGAS7By/4d1fjq 9UV8712gwVJJ3FKWeSSyd2DMu/ZTW3isx/EujNu1nSYFS9+VVeo= =fj4L -----END PGP SIGNATURE-----