Mozilla Firefox and Thunderbird were updated to fix several important
vulnerabilities.
Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to
31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency.
The following vulnerabilities were fixed in Mozilla Firefox:
The following vulnerability was fixed in functionality that was not
released as an update to openSUSE:
The functionality added in 37.0 and thus removed in 37.0.1 was:
The following functionality was added or updated in Mozilla Firefox:
* Heartbeat user rating system
* Yandex set as default search provider for the Turkish locale
* Bing search now uses HTTPS for secure searching
* Improved protection against site impersonation via OneCRL centralized
certificate revocation
* some more behaviour changes for TLS
The following vulnerabilities were fixed in Mozilla Thunderbird:
mozilla-nspr was updated to 4.10.8 as a dependency and received the
following changes:
* bmo#573192: remove the stack-based PRFileDesc cache.
* bmo#756047: check for _POSIX_THREAD_PRIORITY_SCHEDULING > 0 instead of
only checking if the identifier is defined.
* bmo#1089908: Fix variable shadowing in _PR_MD_LOCKFILE. Use
PR_ARRAY_SIZE to get the array size of _PR_RUNQ(t->cpu).
* bmo#1106600: Replace PR_ASSERT(!"foo") with PR_NOT_REACHED("foo") to
fix clang -Wstring-conversion warnings.
bugzilla.suse.com/925368
bugzilla.suse.com/925392
bugzilla.suse.com/925393
bugzilla.suse.com/925394
bugzilla.suse.com/925395
bugzilla.suse.com/925396
bugzilla.suse.com/925397
bugzilla.suse.com/925398
bugzilla.suse.com/925399
bugzilla.suse.com/925400
bugzilla.suse.com/925401
bugzilla.suse.com/925402
bugzilla.suse.com/926166