CVE-2016-2839 / Firefox-ESR
I noticed from https://security-tracker.debian.org/tracker/CVE-2016-2839
for Firefox-ESR that:
45.3.0esr-1~deb7u1 in wheezy is vulnerable.
45.3.0esr-1~deb8u1 in jessie is vulnerable.
45.3.0esr-1 in sid and stretch is not vulnerable.
Which makes me wonder if Wheezy and Jessie versions have been fixed, but
not marked as such because they have earlier Debian versions then the
Brian May <email@example.com>