The three critical issue (CVE-2020-12387, CVE-2020-12388 and CVE-2020-12395) are shared between the Firefox 76 and ESR 68.8.
The first critical flaw found in both products is a Use-after-free during worker shutdown that can be used to create a potentially exploitable crash. The second is due to Firefox content processes that does not sufficiently lockdown access control which could result in a sandbox escape. The third are memory safety bugs that is believed could result in arbitrary code being run.
The remaining issues were rated high, medium and low. This included CVE-2020-12389, CVE-2020-6831, CVE-2020-12392, CVE-2020-12393 for both products.
Just affecting Firefox 76 were CVE-2020-12390, CVE-2020-12391 and CVE-2020-12394.