Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
https://www.mozilla.org/security/advisories/mfsa2018-09/
https://www.mozilla.org/security/advisories/mfsa2018-07/
https://www.debian.org/security/2018/dsa-4155
https://www.debian.org/security/2018/dsa-4139
https://usn.ubuntu.com/3545-1/
https://security.gentoo.org/glsa/201811-13
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955
https://access.redhat.com/errata/RHSA-2018:0648
https://access.redhat.com/errata/RHSA-2018:0647
https://access.redhat.com/errata/RHSA-2018:0527
https://access.redhat.com/errata/RHSA-2018:0526