Multiple vulnerabilities have been found and fixed in Firefox, versions 60.1.0
(ESR) and 61.0.

Security vulnerabilities fixed in Firefox ESR 60.1
Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR
Buffer overflow using computed size of canvas element
Use-after-free when using focus()
Integer overflow in SwizzleData
Integer overflow in SSSE3 scaler
Media recorder segmentation fault when track type is changed during
Use-after-free when appending DOM nodes
CSRF attacks through 307 redirects and NPAPI plugins
Compromised IPC child process can list local filenames
Integer overflow in Skia library during edge builder allocation
Invalid data handling during QCMS transformations
Timing attack mitigation of PerformanceNavigationTiming
No warning when opening executable SettingContent-ms files
WebExtension security permission checks bypassed by embedded experiments

Security vulnerabilities fixed in Firefox 61
(listing only vulnerabilities not already mentioned above)
Memory safety bugs fixed in Firefox 61
Same-origin bypass using service worker and redirection
SameSite cookie protections bypassed when exiting Reader View
Gentoo Security Scout
Vulnerabilities specific to 52 ESR (Fixed in 52.9)
firefox-60.1.0 can be marked stable, Whissi are you okay with -bin same version being marked stable?
(In reply to Jory A. Pratt from comment #2)
> firefox-60.1.0 can be marked stable, Whissi are you okay with -bin same
> version being marked stable?
Yes, -bin is already done.
firefox-60.1 is failing to apply this patch:
Is there a bug tracking this?
(In reply to devsk from comment #4)
> firefox-60.1 is failing to apply this patch:
> Is there a bug tracking this?
Your tree is out of date, I have already addressed the issue.
Superseded by bug 665496.
Added to an existing GLSA request.
This issue was resolved and addressed in
GLSA 201810-01 at https://security.gentoo.org/glsa/201810-01
by GLSA coordinator Thomas Deutschmann (whissi).