[3.9] firefox-esr: Multiple vulnerabilities (CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397)
CVE-2018-12389: Memory safety bugs
CVE-2018-12390: Memory safety bugs
CVE-2018-12392: Crash with nested event loops
CVE-2018-12393: Integer overflow during Unicode conversion while
CVE-2018-12395: WebExtension bypass of domain restrictions through
header rewriting
CVE-2018-12396: WebExtension content scripts can execute in disallowed
contexts
CVE-2018-12397: Missing warning prompt when WebExtension requests local
file access
Fixed In Version:
Firefox ESR 60.3
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
(from redmine: issue id 9605, created on 2018-10-30, closed on 2019-04-15)
- Relations:
- parent #9604 (closed)