[SECURITY] [DSA 6236-1] firefox-esr security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6236-1] firefox-esr security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 29 Apr 2026 17:49:31 +0000
Message-id: <[🔎] afJEqx-tEOoP-1RH@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6236-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 29, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure or sandbox escape.

For the oldstable distribution (bookworm), these problems have been fixed
in version 140.10.1esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 140.10.1esr-1~deb13u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnyQbEACgkQEMKTtsN8
TjZNbQ/7BuszV9b5WomW41lnyahZB0oNMTu9/ufI31Wss3A1mcz/FdqDTaccvW3m
MSfELMkVBsPUKoYJ1Q3AfkfdIzhKUj5gAwtBYo2WY9/O3YStjG+n66Mbe0Wq+y3y
Kn6yqJDVl2vDb6r/DDWr97KTLdNw7hkLbMeXETROctFZvFSXlcjQTB0ezkPtIoiz
YcEtQB/KqW6CPz1jR5wRlGuTeSzdQjgzeqI6fB398jEQMHcUDHzVtIQ51c0KaevS
kF7LZGJrAKSt9XRI878K6QO/27+Qi5EKGD78Ra7qPqC2lRv4Kei72Tjg46ChmvlN
5hL4ZjygzMGCCDeLy9QiKUDDavYwnbNuxQw6DoDdCbMMWZgOSVzRY93I8PhA0LVe
PZRifRDEn/+u5imrZXlppYygmnIHq4OCmYAF0JFUa8cdyCKE7uZt/IefX2zdcxmA
B9aEhdQX2Q8W6xS9ftgBBWEddLH1Ln7kUeaXSCk5DyaOzcy3dvjiIaJO9o6dyPt2
hN2WbbdJqNqi4djtYEBOemvny8kIwp70+05Qtsvh7TPz6AIC2SK66b0VPOIhCD/N
o3PLdFndd8tEMgy0JZ2sxGRAiT6POBSRTJZFrxA2Kmrf8LWpjC5USW9/OioOs4RW
qdrVNI2vA4qK3jVSPXPO3CPpK2mvLPrcvSF32jDjzuEd1F4+cWs=
=oJWA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6235-1] dnsdist security update
Next by Date: [SECURITY] [DSA 6237-1] openjdk-17
Previous by thread: [SECURITY] [DSA 6235-1] dnsdist security update
Next by thread: [SECURITY] [DSA 6237-1] openjdk-17
Index(es):
- Date
- Thread