[SECURITY] [DSA 4695-1] firefox-esr security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4695-1] firefox-esr security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 3 Jun 2020 18:13:01 +0000
Message-id: <[🔎] 20200603181301.GA26967@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4695-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 03, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or a timing attack on cryptographic keys.

For the oldstable distribution (stretch), these problems have been fixed
in version 68.9.0esr-1~deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 68.9.0esr-1~deb10u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7X57kACgkQEMKTtsN8
TjZcEQ//T0Ymf7zuThwAv1YcTWh0qWlzMAd4Ur4F0otQySUVAJ8C1HDg2CcvuvXJ
bThdBDXeocvTgqmVtzQXRr2kjSd4s559jXIc7mJGvzX39zZ9WVymPZjmomMVRlh+
pPYi4jRbgbBbu0LJ8nu3QBoXx/0ckyeAQ9YGbBKMWCHPOrpBZM889dqO10iOYYHL
MokDMFEDCp9cLYMqEWXyEODKnR5EN+sZhbH6c9fzjYhVrfFi3Zylh2hBIZOhRuFX
Dlv0RUPZx0jaL4tmqJK/WpGLUhsNeGIoa0WCcrpll2OULNQWn/fBsWu/ZhtMwGdW
5fJyu62IMspHdTRz/qO6dz8pXUYrpUeCKYg1+2W+uLtSdzX2OUjAO5SYkgbYOrFf
sRvjvwyOLbH/zxJcflbz1lDU4GU8asC2TSm5OK+SOzDlu2PiKTCT5hLXClY+l+fw
JkE7gn/s15sgkr8PpSdnPD5xRWrwQ/7NwyPdHSEMWtBA29uQiHm0LiPSOCOyHRnC
lkTUjeYwRuPxvpTCq9dDKluMWDxcPXR5sK1HHWE1o5s1sgtzjcU8jrjwgrY+BOvF
XiNKRjDtqFfG2VTzgPiOcvPOjJHrQyLzA4NYgc4u6ksCLCOen/KgWTQM4nl0gnMc
J/O23+OpMlQzYg91eUGhv1kvCfVhe3a6XmoNXHDAqY9eFnHUWf4=
=035G
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 4694-1] unbound security update
Next by Date: [SECURITY] [DSA 4696-1] nodejs security update
Previous by thread: [SECURITY] [DSA 4694-1] unbound security update
Next by thread: [SECURITY] [DSA 4696-1] nodejs security update
Index(es):
- Date
- Thread