| Errata ID | 293 |
|---|---|
| Date | 2018-11-01 |
| Source package | firefox-esr |
| Fixed in version | 60.3.0esr-1~deb9u1 |
| Description | This update addresses the following issues: * Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389) * Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Crash with nested event loops (CVE-2018-12392) * Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395) * WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396) * WebExtension local file permission check bypass (CVE-2018-12397) |
| Additional notes | |
| CVE ID | CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 |
| UCS Bug number | #48049 |
