Security update for Mozilla Firefox
This update for Mozilla Firefox to version 60.3.0esr fixes security issues and stability bugs.
The following security issues were fixed (MFSA 2018-27, boo#1112852):
- CVE-2018-12392: Crash with nested event loops
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
- CVE-2018-12397: WebExtension local file access vulnerability
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1112852
VUL-0: MozillaFirefox,MozillaThunderbird: 63, 60.3.0 ESR releases including security fixes
