MozillaFirefox was updated to version 49.0 (boo#999701)
- New features
* Updated Firefox Login Manager to allow HTTPS pages to use saved
HTTP logins.
* Added features to Reader Mode that make it easier on the eyes and
the ears
* Improved video performance for users on systems that support SSE3
without hardware acceleration
* Added context menu controls to HTML5 audio and video that let users
loop files or play files at 1.25x speed
* Improvements in about:memory reports for tracking font memory usage
- Security related fixes
* MFSA 2016-85
CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy
CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal
CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset
CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList
CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop
CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
CVE-2016-5282 (bmo#932335) - Don’t allow content to request favicons from non-whitelisted schemes
CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can reveal cross-origin data
CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
requires NSS 3.25
Mozilla Firefox 48.0.2:
mozilla-nss was updated to NSS 3.25. New functionality: