June 26, 2018 Andrey Cherepanov 60.1.0-alt1
- New ESR version (60.1.0).
- Fixed:
+ CVE-2018-12359 Buffer overflow using computed size of canvas element
+ CVE-2018-12360 Use-after-free when using focus()
+ CVE-2018-12361 Integer overflow in SwizzleData
+ CVE-2018-12362 Integer overflow in SSSE3 scaler
+ CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture
+ CVE-2018-12363 Use-after-free when appending DOM nodes
+ CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365 Compromised IPC child process can list local filenames
+ CVE-2018-12371 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-12366 Invalid data handling during QCMS transformations
+ CVE-2018-12367 Timing attack mitigation of PerformanceNavigationTiming
+ CVE-2018-12368 No warning when opening executable SettingContent-ms files
+ CVE-2018-12369 WebExtension security permission checks bypassed by embedded experiments
+ CVE-2018-5187 Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9