Bug 58812 - firefox-esr: Multiple issues (5.2)
Summary: firefox-esr: Multiple issues (5.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.2
Hardware: All Linux
: P3 normal
Target Milestone: UCS 5.2-3-errata
Assignee: Quality Assurance
QA Contact: Iván.Delgado
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-11-17 13:00 CET by Quality Assurance
Modified: 2025-11-19 15:14 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) NVD

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2025-11-17 13:00:41 CET 
New Debian firefox-esr 140.5.0esr-1~deb12u1 fixes:
This update addresses the following issues:
* This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird  < 143, and Thunderbird < 140.3. (CVE-2025-10527)
* This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird  < 143, and Thunderbird < 140.3. (CVE-2025-10528)
* This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird  < 143, and Thunderbird < 140.3. (CVE-2025-10529)
* This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird  < 143, and Thunderbird < 140.3. (CVE-2025-10532)
* This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR  < 140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10533)
* This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird  < 143, and Thunderbird < 140.3. (CVE-2025-10536)
* Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2,  Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of  memory corruption and we presume that with enough effort some of these  could have been exploited to run arbitrary code. This vulnerability affects  Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird <  140.3. (CVE-2025-10537)
* Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability  affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and  Thunderbird < 140.4. (CVE-2025-11708)
* A compromised web process was able to trigger out of bounds reads and  writes in a more privileged process using manipulated WebGL textures. This  vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR <  140.4, Thunderbird < 144, and Thunderbird < 140.4. (CVE-2025-11709)
* A compromised web process using malicious IPC messages could have caused  the privileged browser process to reveal blocks of its memory to the  compromised process. This vulnerability affects Firefox < 144, Firefox ESR  < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.  (CVE-2025-11710)
* There was a way to change the value of JavaScript Object properties that  were supposed to be non-writeable. This vulnerability affects Firefox <  144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and  Thunderbird < 140.4. (CVE-2025-11711)
* A malicious page could have used the type attribute of an OBJECT tag to  override the default browser behavior when encountering a web resource  served without a content-type. This could have contributed to an XSS on a  site that unsafely serves files without a content-type header. This  vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird <  144, and Thunderbird < 140.4. (CVE-2025-11712)
* Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3,  Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs  showed evidence of memory corruption and we presume that with enough effort  some of these could have been exploited to run arbitrary code. This  vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR <  140.4, Thunderbird < 144, and Thunderbird < 140.4. (CVE-2025-11714)
* Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3,  Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of  memory corruption and we presume that with enough effort some of these  could have been exploited to run arbitrary code. This vulnerability affects  Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird <  140.4. (CVE-2025-11715)
140.5.0esr-1~deb12u1 (Wed, 12 Nov 2025 07:25:00 +0900)
* New upstream release.
* Fixes for mfsa2025-88, also known as: CVE-2025-13012, CVE-2025-13016,  CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-13013,  CVE-2025-13020, CVE-2025-13014, CVE-2025-13015.
Comment 1 Quality Assurance univentionstaff 2025-11-17 14:00:14 CET 
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_140.4.0esr-1~deb12u1.dsc
+++ apt/ucs_5.2-0-errata5.2-3/source/firefox-esr_140.5.0esr-1~deb12u1.dsc
@@ -1,3 +1,11 @@
+140.5.0esr-1~deb12u1 [Wed, 12 Nov 2025 07:25:00 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2025-88, also known as:
+    CVE-2025-13012, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018,
+    CVE-2025-13019, CVE-2025-13013, CVE-2025-13020, CVE-2025-13014,
+    CVE-2025-13015.
+
 140.4.0esr-1~deb12u1 [Wed, 15 Oct 2025 08:55:29 +0900] Mike Hommey <glandium@debian.org>:
 
   * New upstream release.

<http://piuparts.knut.univention.de/5.2-3/#4571176369393318017>
Comment 2 Iván.Delgado univentionstaff 2025-11-18 10:45:00 CET 
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.2-3] 257f7cd0d0 chore(firefox-esr): create advisory for 140.5.0esr-1~deb12u1
 doc/errata/staging/firefox-esr.yaml | 56 +++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
Comment 3 Christian Castens univentionstaff 2025-11-19 15:14:23 CET 
<https://errata.software-univention.de/#/?erratum=5.2x284>