
Firefox ESR 115.21 Missing CVEs
Hi All,
We are utilising the Firefox ESR 115.21 (current release) on some devices to keep them as risk free as possible while we work on upgrading them. I was wondering if the CVEs that our monitoring software is reporting as currently open vulnerabilities against version 115.21 are correct and, if so, is there any plan to mitigate these in the upcoming ESR between now and Aug 2025? I would just like to understand so I can document on our end appropriately. Thanks in advance.
Mozilla Firefox ESR (x64 en-US) (ver. 115.21.0) CVE's:
CVE Details - Risk - Date of Release
CVE-2024-7518 - 6.5 - Aug 7, 2024
CVE-2024-7520 - 8.8 - Aug 7, 2024
CVE-2024-7528 - 8.8 - Aug 7, 2024
CVE-2024-8385 - 9.8 - Sep 4, 2024
CVE-2024-8386 - 6.1 - Sep 4, 2024
CVE-2024-9397 - 6.1 - Oct 2, 2024
CVE-2024-9398 - 5.3 - Oct 2, 2024
All Replies (1)
The ESR channel versions are made with Enterprise users in mind, as they like longer-term stability. Since stability is a concern, it is possible that more minimal security concerns may not be included in the ESR version.
Besides, there can be some security concerns in a current Release that may not be an issue in older versions like Firefox 115.0, which is what Firefox 115 ESR is based on.
You can see what is fixed in Firefox 115.21.0esr at https://www.mozilla.org/security/advisories/mfsa2025-15/ and in the older Firefox 115 ESR versions at https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/
Also https://www.mozilla.org/security/advisories/
Firefox 115.27.0esr in August is the last planned update unless Mozilla extends updates a third time.