MozillaFirefox: Update to version 28.0 (important)

Mozilla Firefox was updated to version 28.0, receiving
enhancements, bug and security fixes. Mozilla NSPR was
updated to 4.10.4 receiving enhancements, bug and security
fixes. Mozilla NSS was updated to 3.15.5 receiving
enhancements, bug and security fixes.

Changes in MozillaFirefox:

• update to Firefox 28.0 (bnc#868603)

• MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous
  memory safety hazards
• MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds
  read during WAV file decoding
• MFSA 2014-18/CVE-2014-1498 (bmo#935618)
  crypto.generateCRMFRequest does not validate type of key
• MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack
  on WebRTC permission prompt
• MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload
  and Javascript navigation DOS
• MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content
  injection from one domain to rendering in another
• MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content
  Security Policy for data: documents not preserved by
  session restore
• MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information
  disclosure through polygon rendering in MathML
• MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory
  corruption in Cairo during PDF font rendering
• MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters
  information disclosure through feDisplacementMap
• MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,
  bmo#982909) Privilege escalation using
  WebIDL-implemented APIs
• MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free
  in TypeObject
• MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds
  read/write through neutering ArrayBuffer objects
• MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds
  write through TypedArrayObject after neutering

• requires NSPR 4.10.3 and NSS 3.15.5
• new build dependency (and recommends):

• libpulse
• JS math correctness issue (bmo#941381)

Changes in mozilla-nspr:

• update to version 4.10.4

• bmo#767759: Add support for new x32 abi
• bmo#844784: Thread data race in PR_EnterMonitor
• bmo#939786: data race
  nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root
• bmo#958796: Users of _beginthreadex that set a custom
  stack size may not be getting the behavior they want
• bmo#963033: AArch64 support update for NSPR
• bmo#969061: Incorrect end-of-list test when iterating
  over a PRCList in prcountr.c and prtrace.c
• bmo#971152: IPv6 detection on linux depends on
  availability of /proc/net/if_inet6

• update to version 4.10.3

• bmo#749849: ensure we’ll free the thread-specific data
  key.
• bmo#941461: don’t compile android with unaligned memory
  access.
• bmo#932398: Add PR_SyncMemMap, a portable version of
  msync/FlushViewOfFile.
• bmo#952621: Fix a thread-unsafe access to lock->owner
  in PR_Lock.
• bmo#957458: Fix several bugs in the lock rank checking
  code.
• bmo#936320: Use an alternative test for IPv6 support on
  Linux to avoid opening a socket.

Changes in mozilla-nss:

• update to 3.15.5

• required for Firefox 28
• export FREEBL_LOWHASH to get the correct default
  headers (bnc#865539) New functionality
• Added support for the TLS application layer protocol
  negotiation (ALPN) extension. Two SSL socket options,
  SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to
  control whether NPN or ALPN (or both) should be used
  for application layer protocol negotiation.
• Added the TLS padding extension. The extension type
  value is 35655, which may change when an official
  extension type value is assigned by IANA. NSS
  automatically adds the padding extension to ClientHello
  when necessary.
• Added a new macro CERT_LIST_TAIL, defined in certt.h,
  for getting the tail of a CERTCertList. Notable Changes
• bmo#950129: Improve the OCSP fetching policy when
  verifying OCSP responses
• bmo#949060: Validate the iov input argument (an array
  of PRIOVec structures) of ssl_WriteV (called via
  PR_Writev). Applications should still take care when
  converting struct iov to PRIOVec because the iov_len
  members of the two structures have different types
  (size_t vs. int). size_t is unsigned and may be larger
  than int.