• [SECURITY] [DSA 5237-1] firefox-esr security update

    From Moritz Muehlenhoff@21:1/5 to All on Fri Sep 23 10:50:02 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5237-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : firefox-esr
    CVE ID : CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959
    CVE-2022-40960 CVE-2022-40962

    Multiple security issues have been found in the Mozilla Firefox web
    browser, which could potentially result in the execution of arbitrary
    code, CSP bypass or session fixation.

    Debian follows the extended support releases (ESR) of Firefox. Support
    for the 91.x series has ended, so starting with this update we're now
    following the 102.x releases.

    Between 91.x and 102.x, Firefox has seen a number of feature updates.
    For more information please refer to https://www.mozilla.org/en-US/firefox/102.0esr/releasenotes/

    For the stable distribution (bullseye), these problems have been fixed in version 102.3.0esr-1~deb11u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMtcGFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QHwQ/+OC4YLJJTaVGmopNPrXkMz2oFoEZFmqnxF8ysABITeQCMa2duaPMxpKwG NxeJjZbRQbZNsujAQZl2gJTB/j+w6wkcqhU80/nP8vC5p+SjOGq9tDy4xYHCwrpF pRIF+hRFZDWO7o8d7K1MNlM2ySNkgpmxZ7GbcwDRjUuiNsvr7fCWvzAgCrWhJPeo Ai6+Kuz1ZFVP5cEGEuJ43qTYFka5xqW4FiWRSzCthtw60gxa1U0tbuoKWOLZUzDn sJUSu3WkOrICTRmDZ4l/+oYy41LZelFi0E05oPkgcMS3e2xw++gxJOeLj5XrT78J 8+5hudBATrfRDv2AYp+J0n/N/6yljhYwAz/IbY+kKyMktKsebhA/cZh5gd9KwrAe /JtV1k3e8wj1fD04f1YIjkVbWlR6j0HLQPHvxglpqu4pk48iSoCVKlYQTvHXlBIf gfYojYE5tb0N00oSghsRlQIS3xl4bO/d3oEifJG3yxFxCSDPK/YPAq6qsULdI6Eo 5MGIEduhkWF7GtC7/wL7lt9jE5lFCErrJdeTGuEAlwpxueS+w+mqKhvFd8wwSbkf WnhjO/NxpVBhrNX3dwL1u+ZUeOjOCLGI+j+VFH/lGEcy9n5r7C5PbDd9zol7pMc9 aZNcvX1tc3+ydCF5ldkfZoRG+fLrOqera2QWDqskd5HAimPP0Ks=
    =4odd
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)