[SECURITY] [DSA 5645-1] firefox-esr security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5645-1] firefox-esr security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 23 Mar 2024 20:10:15 +0000
Message-id: <[🔎] E1ro7h1-002Ig2-2p@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5645-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 23, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2024-29944

Manfred Paul discovered a flaw in the Mozilla Firefox web browser,
allowing an attacker to inject an event handler into a privileged object
that would allow arbitrary JavaScript execution in the parent process.

For the oldstable distribution (bullseye), this problem has been fixed
in version 115.9.1esr-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 115.9.1esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmX/MOFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rolg/9GP46S5fV4AGsTsDeOZsx8rbHOZsKgj+Y//dA8Ly79T10CjVcZQSvpFek
Czgnwyo9dMqY5jTyxKOcFqsrbCzODKdMtDKVqOdTTptb0eGdorLyRsq0D5Kozn86
W8iq9mDTYiL50Vj7gMgpciNHklM7sjtKCYSTIgJFqLq+/8jMIoaN2qbTCmxo4OjC
bqweKgXYlHE/EmgCyjVJ6gjuam5yA1OlrXO+/IqKm809P8TPsceb9FBCY4Gw0jS4
Ioii4Y303fsNNMIHfDANNcvXC6JCnsy0QYjq2DyiNTOyh/leoV+Z9tWQwejcnQBd
T0aICDOoQwf6mnsMtsLvoDzsY81DawiHd19nyLeVKhxLwpEmqTz5CIIk72oy39MA
SLxY5owGrBPHkelxpi4XNPg7/fDNfeq1L3/CzEPoiExaioLsvC/vgvZzO4drrNkG
Eyp2ocGvKejYqt4TfZE/a5vmj7BpNDMmhsUne8XzdPVU8p1Co3jsEGmOVAT00EOv
cO1MGfUZdChdTdRHZ6Q/v6Wr2DZvmT9b/yy9uI4I+XjpkDLapS9DbP+FPJKM5y75
lOf3bfsBSHUBRIxxtiDdUmjYH9mTHNPNq6SFlHrcpykqRps+acuL4ZYd2NGG8nHg
Bv4lAz/FMJTBI80gqF7nv3v2qsy4CZ9ieBnAQbDHDkVxnnYLGVo=
=h5US
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5644-1] thunderbird security update
Next by Date: [SECURITY] [DSA 5646-1] cacti security update
Previous by thread: [SECURITY] [DSA 5644-1] thunderbird security update
Next by thread: [SECURITY] [DSA 5646-1] cacti security update
Index(es):
- Date
- Thread