firefox: multiple issues

• CVE-2016-0718 (arbitrary code execution)

Out-of-bounds read during XML parsing in Expat library.

• CVE-2016-2830 (information disclosure)

Favicon network connection can persist when page is closed.

• CVE-2016-2835 CVE-2016-2836 (arbitrary code execution)

Mozilla developers and community members reported several memory safety
bugs in the browser engine used in firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.

• CVE-2016-2837 (arbitrary code execution)

Buffer overflow in ClearKey Content Decryption Module (CDM) during video
playback

• CVE-2016-2838 (arbitrary code execution)

Buffer overflow rendering SVG with bidirectional content.

• CVE-2016-5250 (information disclosure)

Information disclosure through Resource Timing API during page
navigation.

• CVE-2016-5251 (URL spoofing)

Location bar spoofing via data URLs with malformed/invalid mediatypes.

• CVE-2016-5252 (arbitrary code execution)

Stack underflow during 2D graphics rendering.

• CVE-2016-5254 (arbitrary code execution)

Use-after-free when using alt key and toplevel menus.

• CVE-2016-5255 (arbitrary code execution)

Crash in incremental garbage collection in JavaScript.

• CVE-2016-5258 (arbitrary code execution)

Use-after-free in DTLS during WebRTC session shutdown.

• CVE-2016-5259 (arbitrary code execution)

Use-after-free in service workers with nested sync events.

• CVE-2016-5260 (information disclosure)

Form input type change from password to text can store plain text
password in session restore file.

• CVE-2016-5261 (arbitrary code execution)

Integer overflow in WebSockets during data buffering.

• CVE-2016-5262 (cross-site scripting)

Scripts on marquee tag can execute in sandboxed iframes.

• CVE-2016-5263 (type confusion)

Type confusion in display transformation

• CVE-2016-5264 (use after free)

Use-after-free when applying SVG effects.

• CVE-2016-5265 (same-origin policy bypass)

Same-origin policy violation using local HTML file and saved shortcut
file.

• CVE-2016-5266 (information disclosure)

Information disclosure and local file manipulation through drag and
drop.

• CVE-2016-5268 (spoofing)

Spoofing attack through text injection into internal error pages.