Four of the five most severe flaws were found in both the standard and ESR versions of the web browser. This includes CVE-2019-9790, a use-after-free vulnerability that can occur when removing in-use DOM (Document Object Model) elements. Attackers can exploit this scenario, which was discovered by researcher Brandon Wieser, to intentionally cause a crash.
The final shared critical vulnerability consisted of a series of memory safety bugs (CVE-2019-9788) uncovered by Mozilla’s developers and community. Another set of memory safety bugs were also found only in the standard version of Firefox (CVE-2019-9789).
The previous versions of Firefox and Firefox ESR also shared an additional four high-level flaws, and one moderate-level bug. ESR also had one of its very own moderate vulnerabilities patched, while the latest standard version fixed an additional four-moderate level and four low-level bugs.