This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20