Arch Linux ASA-201412-3
firefox: multiple issues

Date: 2014-12-03
Source: Arch Linux (lists.archlinux.org)

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

EPSS: 0.089 Low (Percentile: 93.9%)

CVE-2014-1587: Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman,
and Max Jonas Werner reported memory safety problems and crashes that
affect Firefox ESR 31.2 and Firefox 33.

CVE-2014-1588: Christian Holler, Gary Kwong, Jon Coppeard, Eric Rahm,
Byron Campen, Eric Rescorla, and Xidorn Quan reported memory safety
problems and crashes that affect Firefox 33.

CVE-2014-1589: Security researcher Cody Crews reported a method to
trigger chrome level XML Binding Language (XBL) bindings through web
content. This was possible because some chrome accessible CSS
stylesheets had their primary namespace improperly declared. When this
occurred, it was possible to use these stylesheets to manipulate XBL
bindings, allowing web content to bypass security restrictions. This
issue was limited to a specific set of stylesheets.

CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that
passing a JavaScript object to XMLHttpRequest that mimics an input
stream will cause a crash. This crash is not exploitable and can only be
used for denial of service attacks.

CVE-2014-1591: Security researcher Muneaki Nishimura discovered that
Content Security Policy (CSP) violation reports triggered by a redirect
did not remove path information as required by the CSP specification.
This potentially reveals information about the redirect that would not
otherwise be known to the original site. This could be used by a
malicious site to obtain sensitive information such as usernames or
single-sign-on tokens encoded within the target URLs.
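
For CVE-2014-1591, a report collector can apply the same stripping itself, so that reports sent by unpatched browsers are not stored with redirect paths. The following is an added example, not code from the advisory or from Mozilla; sanitizeReportUri, sanitizeReport and the sample report are hypothetical or constructed, and reducing opaque-origin URLs to their scheme is a choice made in this sketch.

```javascript
// Added example: collector-side stripping of CSP report URLs.
// sanitizeReportUri and sanitizeReport are hypothetical helper names.
const OPAQUE_SCHEMES = new Set(['data:', 'blob:', 'filesystem:']);

function sanitizeReportUri(uri, documentUri) {
  let target;
  try {
    target = new URL(uri);
  } catch (e) {
    // Not an absolute URL: keep bare keywords ("inline", "eval"), drop the rest.
    return /^[a-z-]*$/i.test(String(uri)) ? uri : '';
  }
  // Assumption of this sketch: opaque origins are reduced to the scheme.
  if (OPAQUE_SCHEMES.has(target.protocol) || target.origin === 'null') {
    return target.protocol.slice(0, -1);
  }
  let docOrigin = null;
  try {
    docOrigin = new URL(documentUri).origin;
  } catch (e) {
    // Unparseable document-uri: treat the target as cross-origin.
  }
  if (target.origin !== docOrigin) {
    return target.origin; // cross-origin: drop path, query and fragment
  }
  target.hash = ''; // same-origin: keep the URL, drop only the fragment
  return target.href;
}

function sanitizeReport(body) {
  // Copy the report so the received body is left untouched.
  const report = { ...body['csp-report'] };
  report['blocked-uri'] = sanitizeReportUri(
    report['blocked-uri'], report['document-uri']);
  return { 'csp-report': report };
}

// Constructed sample: a report as an unpatched browser could send it
// after the blocked request was redirected to another origin.
const sample = {
  'csp-report': {
    'document-uri': 'https://app.example/dashboard',
    'violated-directive': 'img-src https://cdn.example',
    'blocked-uri': 'https://sso.example/callback/alice?token=CONSTRUCTED',
  },
};
console.log(JSON.stringify(sanitizeReport(sample), null, 2));
```
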

CVE-2014-1592: Security researcher Berend-Jan Wever reported a
use-after-free created by triggering the creation of a second root
element while parsing HTML written to a document created with
document.open(). This leads to a potentially exploitable crash.

CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover a
buffer overflow during the parsing of media content. This leads to a
potentially exploitable crash.

CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and
Taesoo Kim at the Georgia Tech Information Security Center (GTISC)
reported a bad casting from the BasicThebesLayer to BasicContainerLayer,
resulting in undefined behavior. This behavior is potentially
exploitable with some compilers but no clear mechanism to trigger it
through web content was identified.

CVE-2014-8631, CVE-2014-8632: Privileged access to security wrapped
protected objects. Both of these issues could allow web content to
access DOM objects that are intended to be chrome-only.

OS    Version  Architecture  Package  Version     Filename
any   any      any           firefox  < 34.0.5-1  UNKNOWN
