[SECURITY] [DLA 4401-1] firefox-esr security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4401-1] firefox-esr security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 11 Dec 2025 11:00:06 +0100
Message-id: <[🔎] 20251211100006.520B75F00082@kamino>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4401-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 11, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firefox-esr
Version        : 140.6.0esr-1~deb11u1
CVE ID         : CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324
                 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330
                 CVE-2025-14331 CVE-2025-14333

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, sandbox escape, same-origin policy bypass or privilege escalation.

For Debian 11 bullseye, these problems have been fixed in version
140.6.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmk6liMACgkQnUbEiOQ2
gwLqeA/+LLWqYjKfN/RaPYdEfT8fAWSiKAX6VxCnzmiN0/VZYP9pmOIMtyzQM0fi
getNv9tZNMD7UVmmAIU5N64fgW9jaYlzv03IpDl7Y/dfEbcY1iGwORbbKt98TXdX
FLB0xsLsHMUKfcCKPY0TIjGLUiMLnDR8VRFhPSArdNbX2rXDfVeS2irT/OXqD/vU
/i3n8/NyDsu2M5VvrJjit9UqMcAXpjT/bd+45UkdBdI4zynMxc2jCHhkUMwsVb3O
x54PdILaVRnWChazs5C0yldeYKlb5PPw5crrc3i5+5HsjPzgLtpGYr65wDL1cNPB
q2ap3zTHijvKgoD2LnETmCcVPbbgUf0xEqCOv+fkX9fJNJ4VMbilIyVDbEnX2qQE
+T6dfK+TGCJZyzsNU4uantQqf4cR8VF5Yi3LxUweOpZr0kl3n6Q5c/YCNXhSLpeC
a7pfJpWt0O0sfmDH2J251oM5RuF8mYA0XHtekwpb6p88WsmdBFvt+FokoppBCkRQ
TGPZURmb88DnGWPh9Kte8ZV5y589b7yeAO9FOZKnSFLt+fbSr7nK5CM7WkkaVgwj
QvQrgBT0Byy843HxY297EVk1ip81dkk0T6pSGwIgY2CHP3kQtfbwknYSgSekgx+e
ioEpHsC9FblP4Ke/ukEtu9xgfZ0o0tbh/kOGOVx9qLTWnQIAbdw=
=4v+D
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4400-1] rear security update
Next by Date: [SECURITY] [DLA 4402-1] libsndfile security update
Previous by thread: [SECURITY] [DLA 4400-1] rear security update
Next by thread: [SECURITY] [DLA 4402-1] libsndfile security update
Index(es):
- Date
- Thread