Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

For Debian 8 'Jessie', these problems have been fixed in version 68.4.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

Debian DLA-2061-1 : firefox-esr security update

high Nessus Plugin ID 132758

Version 1.10

Version 1.9

Version 1.9

Version 1.10 Apr 1, 2024, 3:13 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2019-17024" to "CVE-2019-17026") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True") Plugin Feed: 202404011513
Version 1.9 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254
Version 1.9 Apr 1, 2024, 1:01 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2019-17024" to "CVE-2019-17026") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202404011301