Errata overview
Errata ID 620
Date 2019-12-11
Source package firefox-esr
Fixed in version 68.3.0esr-1~deb9u1
This update addresses the following issues:
* Tor Browser through 8.5.3 has an information exposure vulnerability. It
  allows remote attackers to detect the browser's language via vectors
  involving an IFRAME element, because text in that language is included in
  the title attribute of a LINK element for a non-HTML page. This is related
  to a behavior of Firefox before 68. (CVE-2019-13075)
* Buffer overflow in plain text serializer (CVE-2019-17005)
* Use-after-free in worker destruction (CVE-2019-17008)
* Use-after-free when performing device orientation checks (CVE-2019-17010)
* Use-after-free when retrieving a document in antitracking (CVE-2019-17011)
* Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
Additional notes
CVE ID CVE-2019-13075
UCS Bug number #50623