SUSE-SU-2014:0248-2
Feb 19, 2014 - 9:04 p.m.

Security update for Mozilla Firefox (important)

2014-02-19 21:04:13
lists.opensuse.org

EPSS: 0.029 (Low), percentile 89.7%

Mozilla Firefox was updated to the 24.3.0ESR security
release.

The following security issues have been fixed:

MFSA 2014-01: Memory safety bugs fixed in Firefox ESR
24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)

MFSA 2014-02: Using XBL scopes it’s possible to
steal (clone) native anonymous content
(CVE-2014-1479)(bnc#862348)

MFSA 2014-03: Download "open file" dialog delay is
too quick, doesn’t prevent clickjacking (CVE-2014-1480)

MFSA 2014-04: Image decoding causing Firefox to crash
with Goo Create (CVE-2014-1482)(bnc#862356)

MFSA 2014-05: caretPositionFromPoint and
elementFromPoint leak information about iframe contents via
timing information (CVE-2014-1483)(bnc#862360)

MFSA 2014-06: Fennec leaks profile path to logcat
(CVE-2014-1484)

MFSA 2014-07: CSP should block XSLT as script, not as
style (CVE-2014-1485)

MFSA 2014-08: imgRequestProxy Use-After-Free Remote
Code Execution Vulnerability (CVE-2014-1486)

MFSA 2014-09: Cross-origin information disclosure
with error message of Web Workers (CVE-2014-1487)

MFSA 2014-10: settings & history ID bug
(CVE-2014-1489)

MFSA 2014-11: Firefox reproducibly crashes when using
asm.js code in workers and transferable objects
(CVE-2014-1488)

MFSA 2014-12: TOCTOU, potential use-after-free in
libssl’s session ticket processing
(CVE-2014-1490)(bnc#862300); do not allow p-1 as a public DH
value (CVE-2014-1491)(bnc#862289)

MFSA 2014-13: Inconsistent this value when invoking
getters on window (CVE-2014-1481)(bnc#862309)

Mozilla NSS was also updated to the 3.15.4 release.

  • required for Firefox 27
  • regular CA root store update (1.96)
  • some OCSP improvements
  • other bugfixes