This update for MozillaFirefox to version 51.0.1 fixes security issues and
bugs.
These security issues were fixed:
- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and
DEP (bmo#1325200, boo#1021814)
- CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
CVE-2017-5377: Memory corruption with transforms to create gradients in
Skia (bmo#1306883, boo#1021826)
- CVE-2017-5378: Pointer and frame data leakage of Javascript objects
(bmo#1312001, bmo#1330769, boo#1021818)
- CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)
- CVE-2017-5380: Potential use-after-free during DOM manipulations
(bmo#1322107, boo#1021819)
- CVE-2017-5390: Insecure communication methods in Developer Tools JSON
viewer (bmo#1297361, boo#1021820)
- CVE-2017-5389: WebExtensions can install additional add-ons via modified
host requests (bmo#1308688, boo#1021828)
- CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,
boo#1021821)
- CVE-2017-5381: Certificate Viewer exporting can be used to navigate and
save to arbitrary filesystem locations (bmo#1017616, boo#1021830)
- CVE-2017-5382: Feed preview can expose privileged content errors and
exceptions (bmo#1295322, boo#1021831)
- CVE-2017-5383: Location bar spoofing with unicode characters
(bmo#1323338, bmo#1324716, boo#1021822)
- CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
(bmo#1255474, boo#1021832)
- CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
response headers (bmo#1295945, boo#1021833)
- CVE-2017-5386: WebExtensions can use data: protocol to affect other
extensions (bmo#1319070, boo#1021823)
- CVE-2017-5391: Content about: pages can load privileged about: pages
(bmo#1309310, boo#1021835)
- CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
mozAddonManager (bmo#1309282, boo#1021837)
- CVE-2017-5387: Disclosure of local file existence through TRACK tag
error messages (bmo#1295023, boo#1021839)
- CVE-2017-5388: WebRTC can be used to generate a large amount of UDP
traffic for DDOS attacks (bmo#1281482, boo#1021840)
- CVE-2017-5374: Memory safety bugs (boo#1021841)
- CVE-2017-5373: Memory safety bugs (boo#1021824)
These non-security issues in MozillaFirefox were fixed:
- Added support for FLAC (Free Lossless Audio Codec) playback
- Added support for WebGL 2
- Added Georgian (ka) and Kabyle (kab) locales
- Support saving passwords for forms without ‘submit’ events
- Improved video performance for users without GPU acceleration
- Zoom indicator is shown in the URL bar if the zoom level is not at
default level
- View passwords from the prompt before saving them
- Remove Belarusian (be) locale
- Use Skia for content rendering (Linux)
- Improve recognition of LANGUAGE env variable (boo#1017174)
- Multiprocess incompatibility did not correctly register with some
add-ons (bmo#1333423)