[SECURITY] [DLA 4277-1] firefox-esr security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4277-1] firefox-esr security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 21 Aug 2025 13:05:52 +0200
Message-id: <[🔎] 20250821110552.97C175F000A8@kamino>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4277-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
August 21, 2025                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firefox-esr
Version        : 128.14.0esr-1~deb11u1
CVE ID         : CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, sandbox escape or bypass of the same-origin policy.

For Debian 11 bullseye, these problems have been fixed in version
128.14.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmim/Y0ACgkQnUbEiOQ2
gwJDFw/+LSfNBiOEJc6ARWXlhpH7zK1Ppa22H2chpYr16kjakfucHQ+kmyxPsVpB
L8kNbq+trBWwAvnWVm37IvS4DwLm3dMxidL7KjIxG3cww8xN2aIui5pbazw+ZGd4
DJa4EKNZ29oOLAS+Sy621EqIMfPqNMkTWQONAYiY+jcqq9n7xBwSMJ1YiQZGHKrD
JrT5Z2lSa6KgAsdYYX6horghCY9/ry778YhkDquOPPjy8kmyhgzb0FS4eHHNAQo+
MMVmly1+oWMeQCdtxwJ4yTeboc4cWaB4taDDDafbAdPgPWHDd8Odsn9i7IsG67XT
uv+dvwNnDzHZMKnElm1STMsa4ipp+SkvCG92ptotYsNkvU9x4P6XY9w4NZ3BUbil
K5DHhSFuC4SWcWzMbT0KK0fGQMZhy0CDuZ/I497DdP+InHS1EfbQAMdDxIjZ/vRQ
3h1G9B+rVRGep2mUwSzCct378mgLJ9r2o4ub1OZI8boSPCHCZ+WVR9iA72rjHAnF
uj22jwdfwy0mnP1K4qVlYDrr50ixF61n3i9DeVUJl0Xdrw+QVh+pXvJgkgozRtOg
FFIKn6nLT2FBA4U8dP3mgvodZsbbo48+emiNOPwletjfHKjcPQmXInS9G78WvkTM
IRnR1wSumpNjMPTxZrt1e61yaoG0vIV+HRLvpIzK4lwUSMQoKpI=
=4ogO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4276-1] webkit2gtk security update
Next by Date: [SECURITY] [DLA 4278-1] mupdf security update
Previous by thread: [SECURITY] [DLA 4276-1] webkit2gtk security update
Next by thread: [SECURITY] [DLA 4278-1] mupdf security update
Index(es):
- Date
- Thread