[SECURITY] [DLA 4335-1] firefox-esr security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4335-1] firefox-esr security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Fri, 17 Oct 2025 11:03:08 +0200
Message-id: <[🔎] 20251017090308.425295F00082@kamino>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4335-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 17, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firefox-esr
Version        : 140.4.0esr-1~deb11u1
CVE ID         : CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711
                 CVE-2025-11712 CVE-2025-11714 CVE-2025-11715

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, memory disclosure or cross-site scripting.

For Debian 11 bullseye, these problems have been fixed in version
140.4.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmjyBkkACgkQnUbEiOQ2
gwJAyhAAzLUuWFQ88BaGWTcEvVlZyOD2QHpawUPZCgs6C9Tuz5k7alwEAQqN52V2
/FjWQjhRHAK6sm2K7dole4C3dPNKrdrrADTkWFM/iNaJACWgKRjpximAkFqzBbb4
GtagaiBc5DzHqsca23jQWt7XGiRwXmPTlIJbgbqhkZGJ2fj3o3kLsQZj2xg1QAHG
fzEJZd8nXvQ6LCbXF32MiHe2fzIxHRXAUyPfQIiBCP5LEqEnXljNf8eEg5aAwogA
NRLaUXOPDwVihP6APyklDVTHz7ogBRDjLjSIEhcKjmFmYWUtFjaekfZa5l4xemzU
7AkHcFMPG3I8FmDPWE4lz0tllcapys+YtoDf3D6BUybOfnt2xMYinzc/mz/Sr7ik
gSJdymkDYJepFsVbs+z65dFfYplks+ndhIBb8gAy0jiscz7jXFM32CHX5j9FcDFP
Ymhm7h/PwmPzc65tcN7qDJkVFWxsHyj0oNF6LCNORlkuQ/dvMPa/+lDfAQLn9Ya4
ImnUg+UdJxpHxrh40zF7x6OvvXj3riBWG2DvGt6p1+l8UL3G6pHvtpXjAH0r6D4s
oBboviY+QS3SiKvjW8EbLg1MP2m8sgFl2fvT6eqzKkbKo9RzVTZkh1xx/VkVNVqQ
uhdAQaFAsZCmt5eAwsXc5ahCgKTro/9UQ/Cd1bkZgrewCnd1mFE=
=QxVw
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4334-1] pgpool2 security update
Next by Date: [SECURITY] [DLA 4337-1] svgpp security update
Previous by thread: [SECURITY] [DLA 4334-1] pgpool2 security update
Next by thread: [SECURITY] [DLA 4337-1] svgpp security update
Index(es):
- Date
- Thread