topic Re: FF ESR 140.2 missing fix vs FF 142 in Discussions

topic Re: FF ESR 140.2 missing fix vs FF 142 in Discussions https://connect.mozilla.org/t5/discussions/ff-esr-140-2-missing-fix-vs-ff-142/m-p/103945#M40314 <P>CVE-2025-9197 <A href="https://nvd.nist.gov/vuln/detail/CVE-2025-9197" target="_self">does not exist!</A> </P> Sat, 23 Aug 2025 22:42:00 GMT siffemcon 2025-08-23T22:42:00Z FF ESR 140.2 missing fix vs FF 142 https://connect.mozilla.org/t5/discussions/ff-esr-140-2-missing-fix-vs-ff-142/m-p/103922#M40303 <P>As of the time of this writing (Unix epoch 1755962780), there is a high-impact bug not fixed in Firefox ESR 140.2 or ESR 128.14 even though it's been fixed in Firefox 142 (edit: fixed typo that said Firefox 140.2)</P><P>If you compare these three sites:</P><P><A href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/" target="_blank" rel="noopener">https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/</A><BR /><A href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/" target="_blank" rel="noopener">https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/</A><BR /><A href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/" target="_blank" rel="noopener">https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/</A></P><P>You'll see neither ESR pages mention CVE-2025-9197 as described in both <A href="https://nvd.nist.gov/vuln/detail/CVE-2025-9187" target="_blank" rel="noopener">https://nvd.nist.gov/vuln/detail/CVE-2025-9187</A> and <A href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9187" target="_blank" rel="noopener">https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9187</A>. The reference link in the Mozilla page goes to a page that says "Zarro Books found" and the NIST page tagged the Bugzilla link as a "Broken Link".</P><P>Am I missing/misunderstanding something? Or have they not patched this bug yet?</P> Sat, 23 Aug 2025 16:14:15 GMT https://connect.mozilla.org/t5/discussions/ff-esr-140-2-missing-fix-vs-ff-142/m-p/103922#M40303 dmgoldstein1 2025-08-23T16:14:15Z Re: FF ESR 140.2 missing fix vs FF 142 https://connect.mozilla.org/t5/discussions/ff-esr-140-2-missing-fix-vs-ff-142/m-p/103945#M40314 <P>CVE-2025-9197 <A href="https://nvd.nist.gov/vuln/detail/CVE-2025-9197" target="_self">does not exist!</A> </P> Sat, 23 Aug 2025 22:42:00 GMT https://connect.mozilla.org/t5/discussions/ff-esr-140-2-missing-fix-vs-ff-142/m-p/103945#M40314 siffemcon 2025-08-23T22:42:00Z