Errata overview
Errata ID 238
Date 2018-09-26
Source package firefox-esr
Fixed in version 60.2.1esr-1~deb9u1
This update addresses the following issues:
* Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)
* Setting a master password post-Firefox 58 does not delete unencrypted
  previously stored passwords (CVE-2018-12383)
Additional notes
CVE ID CVE-2018-12385
UCS Bug number #47851