File _patchinfo of Package patchinfo.9289

<patchinfo incident="9289">
  <issue tracker="bnc" id="1112852">VUL-0: MozillaFirefox,MozillaThunderbird: 63, 60.3.0 ESR releases including security fixes</issue>
  <issue tracker="cve" id="2018-12389"/>
  <issue tracker="cve" id="2018-12397"/>
  <issue tracker="cve" id="2018-12396"/>
  <issue tracker="cve" id="2018-12395"/>
  <issue tracker="cve" id="2018-12393"/>
  <issue tracker="cve" id="2018-12392"/>
  <issue tracker="cve" id="2018-12390"/>
  <category>security</category>
  <rating>important</rating>
  <packager>alarrosa</packager>
  <description>This update for MozillaFirefox fixes the following issues:

Security issues fixed:

- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>