Information on source package firefox-esr

Available versions

| Release | Version |
|---|---|
| wheezy (security) | 52.2.0esr-1~deb7u1 |
| jessie | 45.9.0esr-1~deb8u1 |
| jessie (security) | 52.2.0esr-1~deb8u1 |
| stretch | 45.9.0esr-1 |
| stretch (security) | 52.2.0esr-1~deb9u1 |
| buster | 52.2.0esr-2 |
| sid | 52.2.0esr-2 |

Open issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-7789 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Firefox ignores Strict-Transport-Security when two more STS headers are sent from server |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2017-7778 | |
| CVE-2017-7777 | |
| CVE-2017-7776 | |
| CVE-2017-7775 | |
| CVE-2017-7774 | |
| CVE-2017-7773 | |
| CVE-2017-7772 | |
| CVE-2017-7771 | |
| CVE-2017-7768 | |
| CVE-2017-7767 | |
| CVE-2017-7766 | |
| CVE-2017-7765 | |
| CVE-2017-7764 | |
| CVE-2017-7763 | |
| CVE-2017-7761 | |
| CVE-2017-7760 | |
| CVE-2017-7758 | |
| CVE-2017-7757 | |
| CVE-2017-7756 | |
| CVE-2017-7755 | |
| CVE-2017-7754 | |
| CVE-2017-7752 | |
| CVE-2017-7751 | |
| CVE-2017-7750 | |
| CVE-2017-7749 | |
| CVE-2017-5472 | |
| CVE-2017-5470 | |
| CVE-2017-5469 | |
| CVE-2017-5465 | |
| CVE-2017-5464 | |
| CVE-2017-5462 | |
| CVE-2017-5461 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ... |
| CVE-2017-5460 | |
| CVE-2017-5459 | |
| CVE-2017-5448 | |
| CVE-2017-5447 | |
| CVE-2017-5446 | |
| CVE-2017-5445 | |
| CVE-2017-5444 | |
| CVE-2017-5443 | |
| CVE-2017-5442 | |
| CVE-2017-5441 | |
| CVE-2017-5440 | |
| CVE-2017-5439 | |
| CVE-2017-5438 | |
| CVE-2017-5436 | |
| CVE-2017-5435 | |
| CVE-2017-5434 | |
| CVE-2017-5433 | |
| CVE-2017-5432 | |
| CVE-2017-5430 | |
| CVE-2017-5429 | |
| CVE-2017-5428 | |
| CVE-2017-5410 | |
| CVE-2017-5409 | |
| CVE-2017-5408 | |
| CVE-2017-5407 | |
| CVE-2017-5405 | |
| CVE-2017-5404 | |
| CVE-2017-5402 | |
| CVE-2017-5401 | |
| CVE-2017-5400 | |
| CVE-2017-5398 | |
| CVE-2017-5396 | |
| CVE-2017-5393 | |
| CVE-2017-5391 | |
| CVE-2017-5390 | |
| CVE-2017-5389 | |
| CVE-2017-5388 | |
| CVE-2017-5387 | |
| CVE-2017-5386 | |
| CVE-2017-5385 | |
| CVE-2017-5384 | |
| CVE-2017-5383 | |
| CVE-2017-5382 | |
| CVE-2017-5381 | |
| CVE-2017-5380 | |
| CVE-2017-5379 | |
| CVE-2017-5378 | |
| CVE-2017-5377 | |
| CVE-2017-5376 | |
| CVE-2017-5375 | |
| CVE-2017-5374 | |
| CVE-2017-5373 | |
| CVE-2016-9905 | |
| CVE-2016-9904 | |
| CVE-2016-9903 | |
| CVE-2016-9902 | |
| CVE-2016-9901 | |
| CVE-2016-9900 | |
| CVE-2016-9899 | |
| CVE-2016-9898 | |
| CVE-2016-9897 | |
| CVE-2016-9896 | |
| CVE-2016-9895 | |
| CVE-2016-9894 | |
| CVE-2016-9893 | |
| CVE-2016-9080 | |
| CVE-2016-9079 | SVG Animation Remote Code Execution |
| CVE-2016-9078 | data: URL can inherit wrong origin after an HTTP redirect |
| CVE-2016-9077 | |
| CVE-2016-9076 | |
| CVE-2016-9075 | |
| CVE-2016-9074 | existing mitigation of timing side-channel attacks insufficient |
| CVE-2016-9073 | |
| CVE-2016-9072 | |
| CVE-2016-9071 | |
| CVE-2016-9070 | |
| CVE-2016-9068 | |
| CVE-2016-9067 | |
| CVE-2016-9066 | |
| CVE-2016-9064 | |
| CVE-2016-9063 | |
| CVE-2016-5297 | |
| CVE-2016-5296 | |
| CVE-2016-5294 | |
| CVE-2016-5293 | |
| CVE-2016-5292 | |
| CVE-2016-5291 | |
| CVE-2016-5290 | |
| CVE-2016-5289 | |
| CVE-2016-5288 | Web content can read cache entries |
| CVE-2016-5287 | Crash in nsTArray_base |
| CVE-2016-5284 | Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on ... |
| CVE-2016-5283 | Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ... |
| CVE-2016-5282 | Mozilla Firefox before 49.0 does not properly restrict the scheme in ... |
| CVE-2016-5281 | Use-after-free vulnerability in the DOMSVGLength class in Mozilla ... |
| CVE-2016-5280 | Use-after-free vulnerability in the ... |
| CVE-2016-5279 | Mozilla Firefox before 49.0 allows user-assisted remote attackers to ... |
| CVE-2016-5278 | Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ... |
| CVE-2016-5277 | Use-after-free vulnerability in the nsRefreshDriver::Tick function in ... |
| CVE-2016-5276 | Use-after-free vulnerability in the ... |
| CVE-2016-5275 | Buffer overflow in the ... |
| CVE-2016-5274 | Use-after-free vulnerability in the nsFrameManager::CaptureFrameState ... |
| CVE-2016-5273 | The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ... |
| CVE-2016-5272 | The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and ... |
| CVE-2016-5271 | The PropertyProvider::GetSpacingInternal function in Mozilla Firefox ... |
| CVE-2016-5270 | Heap-based buffer overflow in the ... |
| CVE-2016-5268 | Mozilla Firefox before 48.0 does not properly set the LINKABLE and ... |
| CVE-2016-5267 | Mozilla Firefox before 48.0 on Android allows remote attackers to ... |
| CVE-2016-5266 | Mozilla Firefox before 48.0 does not properly restrict drag-and-drop ... |
| CVE-2016-5265 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow ... |
| CVE-2016-5264 | Use-after-free vulnerability in the ... |
| CVE-2016-5263 | The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and ... |
| CVE-2016-5262 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process ... |
| CVE-2016-5261 | Integer overflow in the WebSocketChannel class in the WebSockets ... |
| CVE-2016-5260 | Mozilla Firefox before 48.0 mishandles changes from 'INPUT ... |
| CVE-2016-5259 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant ... |
| CVE-2016-5258 | Use-after-free vulnerability in the WebRTC socket thread in Mozilla ... |
| CVE-2016-5257 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-5256 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-5255 | Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep ... |
| CVE-2016-5254 | Use-after-free vulnerability in the nsXULPopupManager::KeyDown ... |
| CVE-2016-5253 | The Updater in Mozilla Firefox before 48.0 on Windows allows local ... |
| CVE-2016-5252 | Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function ... |
| CVE-2016-5251 | Mozilla Firefox before 48.0 allows remote attackers to spoof the ... |
| CVE-2016-5250 | Mozilla Firefox before 48.0 allows remote attackers to obtain ... |
| CVE-2016-2839 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux ... |
| CVE-2016-2838 | Heap-based buffer overflow in the nsBidi::BracketData::AddOpening ... |
| CVE-2016-2837 | Heap-based buffer overflow in the ClearKey Content Decryption Module ... |
| CVE-2016-2836 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2835 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2834 | Mozilla Network Security Services (NSS) before 3.23, as used in ... |
| CVE-2016-2833 | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) ... |
| CVE-2016-2832 | Mozilla Firefox before 47.0 allows remote attackers to discover the ... |
| CVE-2016-2831 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ... |
| CVE-2016-2830 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve ... |
| CVE-2016-2829 | Mozilla Firefox before 47.0 allows remote attackers to spoof ... |
| CVE-2016-2828 | Use-after-free vulnerability in Mozilla Firefox before 47.0 and ... |
| CVE-2016-2827 | The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox ... |
| CVE-2016-2826 | The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ... |
| CVE-2016-2825 | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ... |
| CVE-2016-2824 | The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox ... |
| CVE-2016-2822 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow ... |
| CVE-2016-2821 | Use-after-free vulnerability in the mozilla::dom::Element class in ... |
| CVE-2016-2820 | The Firefox Health Reports (aka FHR or about:healthreport) feature in ... |
| CVE-2016-2819 | Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ... |
| CVE-2016-2818 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2817 | The WebExtension sandbox feature in ... |
| CVE-2016-2816 | Mozilla Firefox before 46.0 allows remote attackers to bypass the ... |
| CVE-2016-2815 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2814 | Heap-based buffer overflow in the ... |
| CVE-2016-2813 | Mozilla Firefox before 46.0 on Android does not properly restrict ... |
| CVE-2016-2812 | Race condition in the get implementation in the ServiceWorkerManager ... |
| CVE-2016-2811 | Use-after-free vulnerability in the ServiceWorkerInfo class in the ... |
| CVE-2016-2810 | Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to ... |
| CVE-2016-2809 | The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ... |
| CVE-2016-2808 | The watch implementation in the JavaScript engine in Mozilla Firefox ... |
| CVE-2016-2807 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2806 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2805 | Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ... |
| CVE-2016-2804 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2802 | The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in ... |
| CVE-2016-2801 | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp ... |
| CVE-2016-2800 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ... |
| CVE-2016-2799 | Heap-based buffer overflow in the graphite2::Slot::setAttr function in ... |
| CVE-2016-2798 | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 ... |
| CVE-2016-2797 | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 ... |
| CVE-2016-2796 | Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code ... |
| CVE-2016-2795 | The graphite2::FileFace::get_table_fn function in Graphite 2 before ... |
| CVE-2016-2794 | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in ... |
| CVE-2016-2793 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ... |
| CVE-2016-2792 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ... |
| CVE-2016-2791 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ... |
| CVE-2016-2790 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before ... |
| CVE-2016-1979 | Use-after-free vulnerability in the ... |
| CVE-2016-1977 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 ... |
| CVE-2016-1974 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox ... |
| CVE-2016-1973 | Race condition in the GetStaticInstance function in the WebRTC ... |
| CVE-2016-1969 | The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla ... |
| CVE-2016-1968 | Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, ... |
| CVE-2016-1967 | Mozilla Firefox before 45.0 does not properly restrict the ... |
| CVE-2016-1966 | The nsNPObjWrapper::GetNewOrUsed function in ... |
| CVE-2016-1965 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ... |
| CVE-2016-1964 | Use-after-free vulnerability in the AtomicBaseIncDec function in ... |
| CVE-2016-1963 | The FileReader class in Mozilla Firefox before 45.0 allows local users ... |
| CVE-2016-1962 | Use-after-free vulnerability in the ... |
| CVE-2016-1961 | Use-after-free vulnerability in the nsHTMLDocument::SetBody function ... |
| CVE-2016-1960 | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ... |
| CVE-2016-1959 | The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows ... |
| CVE-2016-1958 | browser/base/content/browser.js in Mozilla Firefox before 45.0 and ... |
| CVE-2016-1957 | Memory leak in libstagefright in Mozilla Firefox before 45.0 and ... |
| CVE-2016-1956 | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is ... |
| CVE-2016-1955 | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ... |
| CVE-2016-1954 | The nsCSPContext::SendReports function in ... |
| CVE-2016-1953 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-1952 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-1951 | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable ... |
| CVE-2016-1950 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) ... |
| CVE-2016-1949 | Mozilla Firefox before 44.0.2 does not properly restrict the ... |
| CVE-2016-0718 | Expat allows context-dependent attackers to cause a denial of service ... |
| CVE-2007-0801 | The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ... |
| CVE-2006-6585 | The Extensions manager in Mozilla Firefox 2.0 does not properly ... |
| CVE-2006-6504 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ... |
| CVE-2006-6503 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ... |
| CVE-2006-6502 | Use-after-free vulnerability in the LiveConnect bridge code for ... |
| CVE-2006-6501 | Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ... |
| CVE-2006-6499 | The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ... |
| CVE-2006-6498 | Multiple unspecified vulnerabilities in the JavaScript engine for ... |
| CVE-2006-6497 | Multiple unspecified vulnerabilities in the layout engine for Mozilla ... |
| CVE-2006-5748 | Multiple unspecified vulnerabilities in the JavaScript engine in ... |
| CVE-2006-5747 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ... |
| CVE-2006-5633 | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ... |
| CVE-2006-5464 | Multiple unspecified vulnerabilities in the layout engine in Mozilla ... |
| CVE-2006-5463 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ... |
| CVE-2006-5462 | Mozilla Network Security Service (NSS) library before 3.11.3, as used ... |
| CVE-2006-4310 | Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ... |
| CVE-2006-2723 | Unspecified versions of Mozilla Firefox allow remote attackers to ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-991-1 | firefox-esr - security update |
| DSA-3881-1 | firefox-esr - security update |
| DLA-906-1 | firefox-esr - security update |
| DSA-3831-1 | firefox-esr - security update |
| DLA-852-1 | firefox-esr - security update |
| DSA-3805-1 | firefox-esr - security update |
| DLA-800-1 | firefox-esr - security update |
| DSA-3771-1 | firefox-esr - security update |
| DLA-743-1 | firefox-esr - security update |
| DSA-3734-1 | firefox-esr - security update |
| DSA-3728-1 | firefox-esr - security update |
| DLA-730-1 | firefox-esr - security update |
| DSA-3716-1 | firefox-esr - security update |
| DLA-636-2 | firefox-esr - regression update |
| DLA-636-1 | firefox-esr - security update |
| DSA-3674-1 | firefox-esr - security update |
| DLA-585-1 | firefox-esr - security update |
| DSA-3640-1 | firefox-esr - security update |
| DLA-521-1 | firefox-esr - security update |
| DSA-3600-1 | firefox-esr - security update |
