Mozilla Firefox 27 release (important)

Mozilla Firefox was updated to version 27. Mozilla
Seamonkey was updated to 2.24, fixing similar issues as
Firefox 27. Mozilla Thunderbird was updated to 24.3.0,
fixing similar issues as Firefox 27.

The Firefox 27 release brings TLS 1.2 support as a major
security feature.

It also fixes following security issues:

• MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous
  memory safety hazards (rv:27.0 / rv:24.3)
• MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected
  content with XBL scopes
• MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection
  timeout missing on download prompts
• MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use
  of discarded images by RasterImage
• MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information
  disclosure with *FromPoint on iframes
• MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path
  leaks to Android system log
• MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT
  stylesheets treated as styles in Content Security Policy
• MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free
  with imgRequestProxy and image proccessing
• MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin
  information leak through web workers
• MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default
  start page UI content invokable by script
• MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when
  using web workers with asm.js
• MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545,
  bmo#930874, bmo#930857) NSS ticket handling issues
• MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent
  JavaScript handling of access to Window objects

Mozilla NSS was updated to 3.15.4:

• required for Firefox 27
• regular CA root store update (1.96)
• Reordered the cipher suites offered in SSL/TLS client
  hello messages to match modern best practices.
• Improved SSL/TLS false start. In addition to enabling
  the SSL_ENABLE_FALSE_START option, an application must
  now register a callback using the
  SSL_SetCanFalseStartCallback function.
• When false start is enabled, libssl will sometimes
  return unencrypted, unauthenticated data from PR_Recv
  (CVE-2013-1740, bmo#919877)
• MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket
  handling issues New functionality
• Implemented OCSP querying using the HTTP GET method,
  which is the new default, and will fall back to the
  HTTP POST method.
• Implemented OCSP server functionality for testing
  purposes (httpserv utility).
• Support SHA-1 signatures with TLS 1.2 client
  authentication.
• Added the --empty-password command-line option to
  certutil, to be used with -N: use an empty password
  when creating a new database.
• Added the -w command-line option to pp: don’t wrap long
  output lines.