Description
This patch contains updates for
- Firefox to 23.0
- xulrunner to 17.0.8esr
- Thunderbird to 17.0.8
- mozilla-nspr to 4.10
- mozilla-nss to 3.15,1
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer
underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during
WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system