File _patchinfo of Package patchinfo.9289
<patchinfo incident="9289">
<issue tracker="bnc" id="1112852">VUL-0: MozillaFirefox,MozillaThunderbird: 63, 60.3.0 ESR releases including security fixes</issue>
<issue tracker="cve" id="2018-12389"/>
<issue tracker="cve" id="2018-12397"/>
<issue tracker="cve" id="2018-12396"/>
<issue tracker="cve" id="2018-12395"/>
<issue tracker="cve" id="2018-12393"/>
<issue tracker="cve" id="2018-12392"/>
<issue tracker="cve" id="2018-12390"/>
<category>security</category>
<rating>important</rating>
<packager>alarrosa</packager>
<description>This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
</description>
<summary>Security update for MozillaFirefox</summary>
</patchinfo>