Description
This update for MozillaFirefox and mozilla-nss fixes the following issues:
MozillaFirefox was updated to version 49.0 (boo#999701)
- New features
* Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins
* Added features to Reader Mode that make it easier on the eyes and the ears
* Improved video performance for users on systems that support SSE3
without hardware acceleration
* Added context menu controls to HTML5 audio and video that let users
loop files or play files at 1.25x speed
* Improvements in about:memory reports for tracking font memory usage
- Security related fixes
* MFSA 2016-85
  CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy
  CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString
  CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal
  CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
  CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset
  CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList
  CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState
  CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
  CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
  CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
  CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop
  CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
  CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
  CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons from non-whitelisted schemes
  CVE-2016-5283 (bmo#928187) - fragment timing attack can reveal cross-origin data
  CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
  CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
  CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
- requires NSS 3.25