[SECURITY] [DLA 3199-1] firefox-esr security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3199-1] firefox-esr security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 17 Nov 2022 20:18:41 +0100 (CET)
Message-id: <[🔎] 20221117191841.B6CA82A1C27@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3199-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
November 17, 2022                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firefox-esr
Version        : 102.5.0esr-1~deb10u1
CVE ID         : CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406
                 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411
                 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420
                 CVE-2022-45421

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure, spoofing or bypass of the SameSite cookie
policy.

For Debian 10 buster, these problems have been fixed in version
102.5.0esr-1~deb10u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmN2iQ8ACgkQnUbEiOQ2
gwKTpg//Yh10pt+FHmhR7gh1uFF+yjlGx/53ZyagO44xyE+5OIAwp3mLdsFbrafN
I4GS6fWSE7UVC+7x9scjUDfoKq0kgayYPxUvrCM2/IdMasPl2iUaHYpYkA5/fRN9
8VTpjaHPNnpdOqQrBwcN4SXUzgiNebTsJS7ryM2dogSdHri3V8iSVYPqW37CE4lh
XmkcCQc5C0uRWC3PqWKuYOmC9H2EpBFw1MrYv5dIZtXQ+YGicBwR9g9vJQxmpqfO
Zjzn6wqc3vQRvPiZdpDa2dMxtaHkNi+A93ZppMGeHADbW9n08aFbjufWTXM9WmTw
Kr4Nvo29J3HpiOIrNho2uwDkGAVmW5Md86gJlggaFvcCU9tm7xshRpHe5otZKuSX
geAFCsyTWYS+7+26G6ownBYbD+pW7KBrYwT/TQ1m9HHt0nvZTq8ZaQ1nxPyANVB6
ITWCMgc7LrNtJJXatr9LMmPjapKlDXD/o8R9eO5aQCvIbquj9dNve25ZNP307xXJ
ZG0RKa9ZUbkCOzmImovetW9blnllTal+0wMKfv8WME5FARH+IPQ2XG+OhUS12FEA
1m2xlq1SmssnAR6pyUoLZPZ9OYOz8OLs5MUFpvFHJh60n9xX8xJUqtXVlbcP6l3C
1Yyuy26r+ijzwwtZL6Qe+4clzgjtLawXVIkKSX/GAQbBhaCsmN0=
=3kLu
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3198-1] php-phpseclib security update
Next by Date: [SECURITY] [DLA 3191-1] python-django security update
Previous by thread: [SECURITY] [DLA 3198-1] php-phpseclib security update
Next by thread: [SECURITY] [DLA 3191-1] python-django security update
Index(es):
- Date
- Thread