Debian alert DLA-4592-1 (firefox-esr)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 4592-1] firefox-esr security update | |
| Date: | Wed, 20 May 2026 23:28:04 +0200 | |
| Message-ID: | <20260520212804.DBA915F0003E@kamino> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4592-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 20, 2026 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : firefox-esr Version : 140.11.0esr-1~deb11u1 CVE ID : CVE-2026-8388 CVE-2026-8391 CVE-2026-8401 CVE-2026-8946 CVE-2026-8947 CVE-2026-8950 CVE-2026-8953 CVE-2026-8954 CVE-2026-8955 CVE-2026-8956 CVE-2026-8957 CVE-2026-8958 CVE-2026-8961 CVE-2026-8962 CVE-2026-8968 CVE-2026-8970 CVE-2026-8974 CVE-2026-8975 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, privilege escalation, information disclosure, spoofing or sandbox escape. For Debian 11 bullseye, these problems have been fixed in version 140.11.0esr-1~deb11u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmoOJ2EACgkQnUbEiOQ2 gwJUgQ/9FYiJB2iDPKJfU/dhTnboS4x/mFQ306AZYzCzdjhrZyM7yZ5HU9VReLby A2HHToWkbYV86wfXU4FM+g17IfnYLRUGSgzwaXD8BwjPj7OivWxb8zUznHpWCR7E AuskCICWGMuqIhPCvDb9tcXJtldurvujvOyYt3adlIc0y+CrC8XXCTnBzrudEuJp oD0bfruG81lyW9gZ9Q+v/rpAAFDS6TSFMOdUdULRLtabaaCzFec6DPS/fBHBO7Y7 5SYrzxIRDAcL+/5BFC0fzG9M9+r7vwma42XhpHbzMuWHMKzUH/+O46779uin8tbL 5mFnhztMKMPY3sRZb+2O0tZenoz6xV+f2/6wDFa9NH3IxsE3gf9X6Y0lHfspUm1A ctK030He2ukF/ozNsU86IpEnNXMZIRaI6I0T+n+Ymjw5hd0aTkpl/RysrKNN1dX/ eDeQFwsr8qJJ8b7AOV4xothgBjPoj/LScj+9RukUHXS16Vfxq8gYDr/DadZ1XJMh U7XY96GLM7vqqE946VFtsmtqFCnmsDmv3OyqbzKnlQDHH0JTVRw6fhFqSQCuEZDk YTyHRUh3NF2/EFtQQ2+kUYHFNleONOQTgH74A9hl4sHjTjGR+ts38cmZOxzEO/Sf WEsuG1TjQ+NQsPtqwV+R67iQYJLK7oKzC0tLgUjFysQ/VglK6ZY= =C0eS -----END PGP SIGNATURE-----