[3.8] firefox-esr: Multiple vulnerabilities (CVE-2018-12385, CVE-2018-12386, CVE-2018-12387)
CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
Fixed in Version:
Firefox ESR 60.2.1
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/
CVE-2018-12386: Type confusion in JavaScript
CVE-2018-12387: stack out-of-bounds read in Array.prototype.push
Fixed In Version:
Firefox ESR 60.2.2
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
(from redmine: issue id 9514, created on 2018-10-08, closed on 2019-03-25)
- Relations:
- parent #9512 (closed)