| Errata ID | 254 |
|---|---|
| Date | 2019-09-11 |
| Source package | firefox-esr |
| Fixed in version | 60.9.0esr-1~deb9u1 |
| Description | This update addresses the following issues: * Sandbox escape through Firefox Sync (CVE-2019-9812) * Memory safety bugs fixed (CVE-2019-11740) * Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Cross-origin access to unload event attributes (CVE-2019-11743) * XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Use-after-free while manipulating video (CVE-2019-11746) * Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) |
| Additional notes | |
| CVE ID | CVE-2019-9812 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 |
| UCS Bug number | #50121 |
