SUSE: OPENSUSE-SU-2016:1211-1
May 04, 2016 - 3:08 p.m.

Security update for MozillaFirefox, mozilla-nss (important)

2016-05-04 15:08:32
lists.opensuse.org
EPSS: 0.151 (Low), Percentile: 95.3%

This update to Mozilla Firefox 46.0 fixes several security issues and bugs
(boo#977333).

The following vulnerabilities were fixed:

  • CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39
    (boo#977373)
  • CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39
    (boo#977375)
  • CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39
    (boo#977376)
  • CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() -
    MFSA 2016-47 (boo#977386)
  • CVE-2016-2811: Use-after-free in Service Worker - MFSA 2016-42
    (boo#977379)
  • CVE-2016-2812: Buffer overflow in Service Worker - MFSA 2016-42
    (boo#977379)
  • CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -
    MFSA 2016-44 (boo#977381)
  • CVE-2016-2816: CSP not applied to pages sent with
    multipart/x-mixed-replace - MFSA 2016-45 (boo#977382)
  • CVE-2016-2817: Elevation of privilege with chrome.tabs.update API in web
    extensions - MFSA 2016-46 (boo#977384)
  • CVE-2016-2820: Firefox Health Reports could accept events from untrusted
    domains - MFSA 2016-48 (boo#977388)

The following miscellaneous changes are included:

  • Improved security of the JavaScript Just In Time (JIT) Compiler
  • WebRTC fixes to improve performance and stability
  • Added support for document.elementsFromPoint
  • Added HKDF support for Web Crypto API

The following changes from Mozilla Firefox 45.0.2 are included:

  • Fix an issue impacting the cookie header when third-party cookies are
    blocked
  • Fix a web compatibility regression impacting the srcset attribute of the
    image tag
  • Fix a crash impacting the video playback with Media Source Extension
  • Fix a regression impacting some specific uploads
  • Fix a regression with the copy and paste with some old versions of some
    Gecko applications like Thunderbird

The following changes from Mozilla Firefox 45.0.2 are included:

  • Fix a regression causing search engine settings to be lost in some
    context
  • Bring back non-standard jar: URIs to fix a regression in IBM iNotes
  • XSLTProcessor.importStylesheet was failing when import was used
  • Fix an issue which could cause the list of search provider to be empty
  • Fix a regression when using the location bar (bmo#1254503)
  • Fix some loading issues when Accept third-party cookies: was set to Never
  • Disabled Graphite font shaping library

The minimum requirements increased to NSPR 4.12 and NSS 3.22.3.

Mozilla NSS was updated to 3.22.3 as a dependency for Mozilla Firefox
46.0, with the following changes:

  • Increase compatibility of TLS extended master secret, don’t send an
    empty TLS extension last in the handshake (bmo#1243641)
  • RSA-PSS signatures are now supported
  • Pseudorandom functions based on hashes other than SHA-1 are now supported
  • Enforce an External Policy on NSS from a config file