The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4546 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4546-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Emilio Pozuelo Monfort     April 23, 2026                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : firefox-esr     Version        : 140.10.0esr-1~deb11u1     CVE ID         : CVE-2026-6746 CVE-2026-6747 CVE-2026-6748 CVE-2026-6749                      CVE-2026-6750 CVE-2026-6751 CVE-2026-6752 CVE-2026-6753                      CVE-2026-6754 CVE-2026-6757 CVE-2026-6761 CVE-2026-6762                      CVE-2026-6763 CVE-2026-6764 CVE-2026-6765 CVE-2026-6766                      CVE-2026-6767 CVE-2026-6769 CVE-2026-6770 CVE-2026-6771                      CVE-2026-6772 CVE-2026-6776 CVE-2026-6785 CVE-2026-6786

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code, spoofing, information disclosure or privilege escalation.

    For Debian 11 bullseye, these problems have been fixed in version     140.10.0esr-1~deb11u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-4546 : firefox-esr - security update

critical Nessus Plugin ID 309901

Version 1.2

Version 1.1

Version 1.2 May 1, 2026, 7:22 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202605010722
Version 1.1 Apr 23, 2026, 6:19 PM New Plugin Feed: 202604231819