[SECURITY] [DLA 4370-1] firefox-esr security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4370-1] firefox-esr security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 13 Nov 2025 12:08:05 +0100
Message-id: <[🔎] 20251113110805.5EEB75F00082@kamino>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4370-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
November 13, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firefox-esr
Version        : 140.5.0esr-1~deb11u1
CVE ID         : CVE-2025-13012 CVE-2025-13013 CVE-2025-13014 CVE-2025-13015
                 CVE-2025-13016 CVE-2025-13017 CVE-2025-13018 CVE-2025-13019
                 CVE-2025-13020

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code
or bypass of the same-origin policy.

For Debian 11 bullseye, these problems have been fixed in version
140.5.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmkVvBIACgkQnUbEiOQ2
gwLCuw/+LSf2RPg/IStXT9IlIOK7H4+X+uAF4JWmgeHoxj0d9Sj7AQhgPA8qO51J
VZH5ooB9VKPHstsGAu/db6bXBxgZMwXfdY9sq1k72OtwiZPchgjM5b3h7W2acnaY
YLZl1vqSjzL6yVXwjHnjvgnuwa6Mu7jUf1pSItGZI84BCJTTfDpmW6x30nIzoHQr
GB+lgZ6a4ve6iyiojB1p/MApGcx7Aet1vB89TqSVzfpoX8ozpqLR0chf2BqfTwII
DAQXNFKudOHFNjgg1yRvB24e5AXz8ekszZggvr3f6bL9P9t/a+AXWQGWHqyUN597
azbdX3RzzZ359fOt/Lx5IPQXSW+lXj6X2dJCMFpdl4dteUjvsi8E4i0iE1csOR9P
vmlLjCZ0FtIV9RYMMDZVFNNZIS96B9jKrkYtwrVWeb5rVvJAIV8htcuCw/mZmdKx
Kn4WyGm8c4GG/03UbhItyxi2efQ36WwZxFG5l9Bwvn32ZmBDnnGCC/I/ujoBRmqP
zeAIG1J+0zVCQIC+yQy8EJemkDVypytKmkLvnx/PUrk1ieXws/aAggtdXELo21TX
/1+FQLJvCSfG13EsEsuq/RIOyctTnOU/nTa/qZ055+Q7SLoIoeXzCiGdnE/z93Bh
Hl1+YAfvu88PYuWQVmqBHk0Jw+Gmn+jLWy2ClrEhyA10vW/H1J8=
=94qI
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4369-1] squid security update
Next by Date: [SECURITY] [DLA 4371-1] gst-plugins-base1.0 security update
Previous by thread: [SECURITY] [DLA 4369-1] squid security update
Next by thread: [SECURITY] [DLA 4371-1] gst-plugins-base1.0 security update
Index(es):
- Date
- Thread