Debian Security

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation.

https://security-tracker.debian.org/tracker/DSA-6078-1

Insufficient validation of incoming notifies over TCP in PDNS Recursor, a resolving name server, could result in denial of service.

https://security-tracker.debian.org/tracker/DSA-6077-1

Several vulnerabilities were reported in the libpng PNG library, which could lead to information leaks, denial of service or potentially the execution of arbitrary code if a specially crafted image is processed.

https://security-tracker.debian.org/tracker/DSA-6076-1

Multiple security issues were discovered in the WordPress blogging tool, which could result in cross-site scripting or information disclosure.

https://security-tracker.debian.org/tracker/DSA-6075-1

The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2025-13947

Janet Black discovered that a website may be able to exfiltrate sensitive system information.

CVE-2025-43421

Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43458

Phil Beauvoir discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-66287

Stanislav Fort discovered that processing maliciously crafted web content may lead to an unexpected process crash.

https://security-tracker.debian.org/tracker/DSA-6074-1

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

https://security-tracker.debian.org/tracker/DSA-6073-1