CVE-2023-5217 unimportant for firefox?

To: debian-user@lists.debian.org
Subject: CVE-2023-5217 unimportant for firefox?
From: hede <debian452@der-he.de>
Date: Sat, 30 Sep 2023 13:20:32 +0200
Message-id: <[🔎] 20230930132032.05a0e468@hpusdt5.der-he.de>

Hi, 

does anyone know why CVE-2023-5217 (critical vp8 encoder bug) is rated as an "open unimportant issue" for firefox-esr? Currently it is not fixed in bookworm and newer [1]. Mozilla itself rates it as "critical" [2].

[1] https://security-tracker.debian.org/tracker/source-package/firefox-esr
[2] https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/

hede

Reply to:

Follow-Ups:
- Re: CVE-2023-5217 unimportant for firefox?
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: CVE-2023-5217 unimportant for firefox?
  - From: Lee <ler762@gmail.com>
- Re: CVE-2023-5217 unimportant for firefox?
  - From: Klaus Singvogel <deb-user-ml@singvogel.net>

Prev by Date: Re: naming a partition after the fact?
Next by Date: Re: CVE-2023-5217 unimportant for firefox?
Previous by thread: nsswitch.conf does not follow order defined for 'passwd:' & 'group:'
Next by thread: Re: CVE-2023-5217 unimportant for firefox?
Index(es):
- Date
- Thread