Multiple critical vulnerabilities in Mozilla Firefox, including CVE-2026-5731 and CVE-2026-5734 (CVSS 9.8 CRITICAL), could lead to arbitrary code execution. Affected versions are Firefox ESR earlier than 140.9.1 and Firefox earlier than 149.0.2. The Debian security update provides fixed packages, version 140.9.1esr-1~deb12u1 for Bookworm and 140.9.1esr-1~deb13u1 for Trixie, requiring an immediate upgrade.
[SECURITY] [DSA 6202-1] firefox-esr security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6202-1] firefox-esr security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Wed, 8 Apr 2026 18:34:41 +0000 Message-id : < [🔎] adafwc6ehWie1ZKN@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6202-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2026-5731 CVE-2026-5732 CVE-2026-5734 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 140.9.1esr-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 140.9.1esr-1~deb13u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnWnSkACgkQEMKTtsN8 TjbEYQ/+O8OliSCEt73HHM9AULyKqNAecrg8MPyDBMN6beloGSk4FoXcvOygYi/k PDgTYRtUuYIPa2FOQubT2HVcNvnRNLj/sAUuZnd+w14gp85zsVVsfZBgVpzE3DX6 5CWOmLrnbDnVaeEdDXl77wDw0Dzd859FvzQGkq8gdZ4kSC7kO07yUmKkjAgT5198 u0M7Wg6oO5Tif5lpvkBwfwPZN++yC89MMtkS/VlNf4w/IORxCW2HAAX70Tl1z9bM NrrxRZxrVhVCE66WZ67g/qHehjZD2j4xZOovzqmLrAfZ/uIV46uPkqcut+76JVsY X4F6Zl50tV/GCjnp5zbYEhF6BpTiy44zqJte0wyEB81G88ayrs0EQam5H+I5tyiP LsJfGLqfQqh/rb6YYAThjw9mPuzSqU6Eqjr0NopkMls7SlW/+jGqFLf35PJsCR/l UpCVAvBA//DrQvRMimLGSV92T6lJJvjh7FB4+XviWyeQ0Hi11/MEgaRBbBWpwpYQ o48wF3ByONfLIYLX2yhBdQ/3H06OTVveaa9c/pZC4VNuPBMPPZ4GUa++FnIb39FM w7/s2M9lzHD5ON8hqkaWZ311nk64ZFyCGYqQYwXePSRWXmjxV/iaIyr5rSr6m0KJ WxtmPw1XZ8mMbsUcbs2GrZByC9//AA4zg+eov2nml1V7H0ns2a4= =gn8p -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6201-1] openssl security update Next by Date: [SECURITY] [DSA 6303-1] tiff security update Previous by thread: [SECURITY] [DSA 6201-1] openssl security update Next by thread: [SECURITY] [DSA 6303-1] tiff security update Index(es): Date Thread