Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Debian OpenSSL Key Generation Flaw Allows Man-in-the-Middle Attacks
DEBIAN-CVE-2026-8091
Summary
A flaw in Debian's OpenSSL package allows attackers to intercept sensitive information, such as encrypted data and login credentials. This can happen when Debian systems generate or use OpenSSL keys. To protect your systems, update your Debian OpenSSL package to the latest version and follow best practices for key generation.
What to do
- Update debian firefox-esr to version 140.10.1esr-1~deb12u1.
- Update debian firefox-esr to version 140.10.1esr-1~deb13u1.
- Update debian firefox-esr to version 140.10.1esr-1.
- Update debian thunderbird to version 1:140.10.1esr-1~deb12u1.
- Update debian thunderbird to version 1:140.10.1esr-1~deb13u1.
- Update debian thunderbird to version 1:140.10.1esr-1.
- Update debian firefox-esr to version 140.10.1esr-1~deb11u1.
- Update debian thunderbird to version 1:140.10.1esr-1~deb11u1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | firefox-esr |
< 140.10.1esr-1~deb11u1 Fix: upgrade to 140.10.1esr-1~deb11u1
|
| Debian:12 | debian | firefox-esr |
< 140.10.1esr-1~deb12u1 Fix: upgrade to 140.10.1esr-1~deb12u1
|
| Debian:13 | debian | firefox-esr |
< 140.10.1esr-1~deb13u1 Fix: upgrade to 140.10.1esr-1~deb13u1
|
| Debian:14 | debian | firefox-esr |
< 140.10.1esr-1 Fix: upgrade to 140.10.1esr-1
|
| Debian:11 | debian | thunderbird |
< 1:140.10.1esr-1~deb11u1 Fix: upgrade to 1:140.10.1esr-1~deb11u1
|
| Debian:12 | debian | thunderbird |
< 1:140.10.1esr-1~deb12u1 Fix: upgrade to 1:140.10.1esr-1~deb12u1
|
| Debian:13 | debian | thunderbird |
< 1:140.10.1esr-1~deb13u1 Fix: upgrade to 1:140.10.1esr-1~deb13u1
|
| Debian:14 | debian | thunderbird |
< 1:140.10.1esr-1 Fix: upgrade to 1:140.10.1esr-1
|
Original title
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.3...
Original description
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.
- https://security-tracker.debian.org/tracker/CVE-2026-8091 Vendor Advisory
Published: 7 May 2026 · Updated: 9 May 2026 · First seen: 7 May 2026