[SECURITY] [DSA 5980-1] firefox-esr security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5980-1] firefox-esr security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 20 Aug 2025 18:39:28 +0000
Message-id: <[🔎] aKYWYGqij3QwUSeT@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5980-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 20, 2025                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, sandbox escape or bypass of the same-origin policy.

For the oldstable distribution (bookworm), these problems have been fixed
in version 128.14.0esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 128.14.0esr-1~deb13u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmimFiEACgkQEMKTtsN8
TjZDTw//UYMqDm72FU6ajdXznnIN+fqf5D/mpSuPXdWJnymfMeGZorxBnKTOOhOU
pRWb/CnBa5GwLvCV1eCVfhW0Df5PRJGN9Tnt7sLucb4Ekjz94k8qsXW5FsOZo+EQ
031Ytqw7A0H3E5isklf4xUc/I4Ra4NI82IQQSIpwpNAiTNhXzMcOrWo2kf4y3EO6
kT2SESnGWmMt3xETw/dN8khVgzL8s4BLk0nSSlInZ1Rsb8oJOe8X4lN0AWB16aJG
jnDKdOCqdvlNbXiSvgrk8fvjZqTpU73ds/HQB0fRbfOr/O2ccwRz9wQNjjCmRPn+
50aFejFEdlxNDH9NN9DhnlxZ6SnxLwit1o+OC6mHav9d1jXQXzSWKc7L8dDJkr6Y
CBwVVr/xYfrLbjEXYwWcHkuKI4XJZYbi3a2nPzhKiYSjwuUpgVPAE4Qdfb2vJDm6
CbY6SoDD67DyZqWqv+vBli87JI1IYQYxWFfdHpXgKTNKSC0lQCwZJl34uJ0o88Jy
nztuGWlE2XM762peCv6WSQ57kVtWt9UtBf81/Zo1kaNBRq6PmS61FjkmmXqLmEfz
Ft5ax+D5m3i/VFF+I6sYNZ48QrX+DQgnYLRqhk/Kehj3qZF1jMncvyFoBbu2b9AH
tyHa3sDadI7oBq+UNhsiSa8cHP9V0lbIaX/GnY0egUXmlWLNY2M=
=C1Et
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5979-1] libxslt security update
Next by Date: [SECURITY] [DSA 5981-1] chromium security update
Previous by thread: [SECURITY] [DSA 5979-1] libxslt security update
Next by thread: [SECURITY] [DSA 5981-1] chromium security update
Index(es):
- Date
- Thread