Yesterday Mozilla announced that a critical vulnerability exists in Firefox and Firefox ESR and that a zero-day exploit is circulating in the wild. They’re urging users to upgrade to 67.0.3 or 60.7.1 ESR.
Looks like 60.7.1 ESR was pushed to the Debian update repos a couple hours after the Mozilla announcement went live. But near as I can tell, Leap 15.1 update repositories are still sitting at 60.6.3 ESR which is almost 3 weeks old.
Is this being worked-on?