Mozilla Firefox was updated to the 24.3.0ESR security
release.
The following security issues have been fixed:
MFSA 2014-01: Memory safety bugs fixed in Firefox ESR
24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)
MFSA 2014-02: Using XBL scopes its possible to
steal(clone) native anonymous content
(CVE-2014-1479)(bnc#862348)
MFSA 2014-03: Download "open file" dialog delay is
too quick, doesn’t prevent clickjacking (CVE-2014-1480)
MFSA 2014-04: Image decoding causing FireFox to crash
with Goo Create (CVE-2014-1482)(bnc#862356)
MFSA 2014-05: caretPositionFromPoint and
elementFromPoint leak information about iframe contents via
timing information (CVE-2014-1483)(bnc#862360)
MFSA 2014-06: Fennec leaks profile path to logcat
(CVE-2014-1484)
MFSA 2014-07: CSP should block XSLT as script, not as
style (CVE-2014-1485)
MFSA 2014-08: imgRequestProxy Use-After-Free Remote
Code Execution Vulnerability (CVE-2014-1486)
MFSA 2014-09: Cross-origin information disclosure
with error message of Web Workers (CVE-2014-1487)
MFSA 2014-10: settings & history ID bug
(CVE-2014-1489)
MFSA 2014-11: Firefox reproducibly crashes when using
asm.js code in workers and transferable objects
(CVE-2014-1488)
MFSA 2014-12: TOCTOU, potential use-after-free in
libssl’s session ticket processing
(CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH
value (CVE-2014-1491)(bnc#862289)
MFSA 2014-13: Inconsistent this value when invoking
getters on window (CVE-2014-1481)(bnc#862309)
Also Mozilla NSS was updated to 3.15.4 release.