The updated packages fix security vulnerabilities:
objects due to issues in Array.pop. This can allow for an exploitable
crash. We are aware of targeted attacks in the wild abusing this flaw.
This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3,
and Thunderbird < 60.7.2. (CVE-2019-11707)
Insufficient vetting of parameters passed with the Prompt:Open IPC message
between child and parent processes can result in the non-sandboxed parent
process opening web content chosen by a compromised child process. When
combined with additional vulnerabilities this could result in executing
arbitrary code on the user's computer. This vulnerability affects Firefox
ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. (CVE-2019-11708)
The mozjs60 package has been updated to version 60.9.0, fixing these issues
and other bugs. The gjs package has been rebuilt against the updated mozjs60.