March 21, 2019 Andrey Cherepanov 60.6.0-alt1
- New ESR version (60.6.0).
- Fixed:
+ CVE-2019-9790 Use-after-free when removing in-use DOM elements
+ CVE-2019-9791 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
+ CVE-2019-9792 IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
+ CVE-2019-9793 Improper bounds checks when Spectre mitigations are disabled
+ CVE-2019-9794 Command line arguments not discarded during execution
+ CVE-2019-9795 Type-confusion in IonMonkey JIT compiler
+ CVE-2019-9796 Use-after-free with SMIL animation controller
+ CVE-2019-9801 Windows programs that are not 'URL Handlers' are exposed to web content
+ CVE-2018-18506 Proxy Auto-Configuration file can define localhost access to be proxied
+ CVE-2019-9788 Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6