Debian alert DSA-6101-1 (firefox-esr)
| From: | Moritz Muehlenhoff <jmm@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6101-1] firefox-esr security update | |
| Date: | Thu, 15 Jan 2026 19:42:50 +0000 | |
| Message-ID: | <aWlDOqQWvsFMq8zZ@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6101-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 15, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0879 CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884 CVE-2026-0885 CVE-2026-0886 CVE-2026-0887 CVE-2026-0890 CVE-2026-0891 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. For the oldstable distribution (bookworm), these problems have been fixed in version 140.7.0esr-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 140.7.0esr-1~deb13u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmlpQdAACgkQEMKTtsN8 TjZtmg//UtFJtIOwzUWs7w157THBSfjPCfvO9u0Ajxkn5iUn5mbN9IX/k0pwV1AQ XEPyMgL/umjpFjZBfHF/5e2H1sgHjm0tLJgTgX+ZPB730t6cw37Tz/yCdfDReMMC T0rBpKvomFsussSKtaj8DAjZJ+EHFkN1+UxLSIFSIZJ2mpkNTW/qrKCaxWWGNPbI XWzUZqVw2j8dS0aqbg+xhhuIyT3g+ObvMhEFP3coV1glQ1E1/EHD8Te9fSqU223Z zqkuoMgpeVVsYb3cXJonDNMkovop1qCzjxUxCRGiirMD35dCO5leo9gtGiVna172 Rvg1wLJ/2I6a/6yjjw2BAP20sGZ82IXcu/8whS6OY+RwKTmd3JU6dMgQavCBFeEu Be81KKOEzE3AatCwGDOx4i4jhfgvSgin2bIF8yi60KJHktpbMwXxuovsLAZT67Vf hu8NCiohhqTH+4qL9E85aWd3F5puAfG2EZG/kX4Ad23CDnboomZi0F7fcaHJuedu zroGnkyGdANx65BBR19tJJSCXB3Z5L/oIuxRfOATvd4F0r1IjO/hDbNTCU8QHwpZ fxs/6NzG6CDT2ntyf2H2Txr7joeU7x584bFPMtETXr2EReszFmH76z8bCDUo9iCN C1ZxL0ifKr7QU1t0fPx4EHCGc4ogrKmg9Se5L4JEFLyAeP+YKkk= =r0b8 -----END PGP SIGNATURE-----