Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Debian Package Manager Allows Arbitrary File Execution
DEBIAN-CVE-2026-8094
Summary
A security issue in Debian's package manager could allow an attacker to execute any file on a system. This could happen if a user installs a malicious package or if an attacker gains access to the package manager. To fix this, users should update their Debian system to the latest version.
What to do
- Update debian firefox-esr to version 140.10.2esr-1~deb12u1.
- Update debian firefox-esr to version 140.10.2esr-1~deb13u1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | firefox-esr | All versions |
| Debian:12 | debian | firefox-esr |
< 140.10.2esr-1~deb12u1 Fix: upgrade to 140.10.2esr-1~deb12u1
|
| Debian:13 | debian | firefox-esr |
< 140.10.2esr-1~deb13u1 Fix: upgrade to 140.10.2esr-1~deb13u1
|
| Debian:14 | debian | firefox-esr | All versions |
Original title
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
Original description
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
- https://security-tracker.debian.org/tracker/CVE-2026-8094 Vendor Advisory
Published: 7 May 2026 · Updated: 9 May 2026 · First seen: 7 May 2026