| Errata ID | 12 |
|---|---|
| Date | 2019-03-27 |
| Source package | firefox-esr |
| Fixed in version | 60.6.0esr-1~deb9u1 |
| Description | This update addresses the following issues: * Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506) * Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793) * Type-confusion in IonMonkey JIT compiler (CVE-2019-9795) * Use-after-free with SMIL animation controller (CVE-2019-9796) * IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813) |
| Additional notes | |
| CVE ID | CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813 |
| UCS Bug number | #49078 |
