This update to Mozilla Firefox 47 fixes the following issues (boo#983549):
Security fixes:
- CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards
(boo#983638 MFSA 2016-49)
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655
MFSA 2016-50)
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (boo#983653 MFSA 2016-51)
- CVE-2016-2822: Addressbar spoofing though the SELECT element
(boo#983652 MFSA 2016-52)
- CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA
2016-53)
- CVE-2016-2825: Partial same-origin-policy through setting
location.host through data URI (boo#983649 MFSA 2016-54)
- CVE-2016-2828: Use-after-free when textures are used in WebGL
operations after recycle pool destruction (boo#983646 MFSA 2016-56)
- CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (boo#983643 MFSA 2016-58)
- CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
- CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA
2016-60)
Mozilla NSS was updated to 3.23 to address the following vulnerabilities:
- CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)
The following non-security changes are included:
- Enable VP9 video codec for users with fast machines
- Embedded YouTube videos now play with HTML5 video if Flash is not
installed
- View and search open tabs from your smartphone or another computer in
a sidebar
- Allow no-cache on back/forward navigations for https resources
The following packaging changes are included:
- boo#981695: cleanup configure options, notably removing GStreamer
support which is gone from FF
- boo#980384: enable build with PIE and full relro on x86_64
The following new functionality is provided:
- ChaCha20/Poly1305 cipher and TLS cipher suites now supported
- The list of TLS extensions sent in the TLS handshake has been
reordered to increase compatibility of the Extended Master Secret
with with servers
bugzilla.suse.com/980384
bugzilla.suse.com/981695
bugzilla.suse.com/983549
bugzilla.suse.com/983632
bugzilla.suse.com/983638
bugzilla.suse.com/983639
bugzilla.suse.com/983640
bugzilla.suse.com/983643
bugzilla.suse.com/983644
bugzilla.suse.com/983646
bugzilla.suse.com/983649
bugzilla.suse.com/983651
bugzilla.suse.com/983652
bugzilla.suse.com/983653
bugzilla.suse.com/983655