[SECURITY] [DSA 6054-1] firefox-esr security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6054-1] firefox-esr security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 12 Nov 2025 22:30:33 +0000
Message-id: <[🔎] aRUKiQW-B62rjYq7@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6054-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 12, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2025-13012 CVE-2025-13013 CVE-2025-13014
                 CVE-2025-13015 CVE-2025-13016 CVE-2025-13017
		 CVE-2025-13018 CVE-2025-13019 CVE-2025-13020

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code
or bypass of the same-origin policy.

For the oldstable distribution (bookworm), these problems have been fixed
in version 140.5.0esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 140.5.0esr-1~deb13u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkVCkkACgkQEMKTtsN8
TjYziBAAhP49Mm1oJgYrFToA+j8Cni7XWoki6tvAXbgWMp3ajIxWChmY5+Ksyyn+
nyHHOxshZM8pOqGCALiDd+htlfBkhFiLQzD76SvFB7ZnRixgU/Xuxe9BVP2ryVk3
h38+YsCKeCzCffcv2cf/0MHPhOWhQ1FG8Y2+LuHIE6Y1GM18Wm2alJJ2IUKCyVxA
oyp/0pF4wo8zsA6CIM3edzXFBU1La/wLaITocwhRPkneMulSuXyXwODfUda9r0GR
KIYJfK3/A/lnvXmp/4LlEfCneJJ+ysXgD50ji970eEiWSUG+fkugrw8NbAJF181p
NCr2RkeJ2w1+nYqwURzeVgywBteo6pPY6uNBYzSqfI+Fqawgw5wVYuLiZHrBaTHA
/A2Han4gil1RKNS8yozj1Fonr3uG2VFIalfygW0QbSZWPUdSUSjek4AmwV40Bqu6
bclZdBoHQaJzmlp4FjE+cZytOGbvLrxbnsrb7bsSWSBLElWA+li9Ey2EThHt18JA
7IVO9/k+o6Lwl1l/HYoAqx0hgo/tv4sc+cogyEmcDjR7xnxTyhDWEw3YBwCZWMlE
vIrDvhtqRgphRsqiG3YIsN4Hr8I/4SLF4okkMb74ZSJpHn0qinncEVC44yAbctV8
CQyjPLJ285zFxJC/74gbNqtOQjb6bP+m4P4S+6vSDL5rZp6yJoY=
=Udn6
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6053-1] linux security update
Next by Date: [SECURITY] [DSA 6055-1] chromium security update
Previous by thread: [SECURITY] [DSA 6053-1] linux security update
Next by thread: [SECURITY] [DSA 6055-1] chromium security update
Index(es):
- Date
- Thread