[3.5] firefox-esr: Multiple vulnerabilities (CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2828, CVE-2016-2831)
Upgrade to Firefox ESR 45.2
- Memory safety bugs fixed in Firefox ESR 45.2 and Firefox 47 (CVE-2016-2818)
- HTML5 parser heap-buffer-overflow (CVE-2016-2819)
- Heap-use-after-free mozilla::dom::Element (CVE-2016-2821)
- Firefox Navigation from a page with an active dropdown menu can be used for spoofing (CVE-2016-2822)
- Crash in TSymbolTableLevel::~TSymbolTableLevel (CVE-2016-2824)
- Crash when zooming out on a three.js demo (CVE-2016-2828)
- mozRequestFullScreen + mozRequestPointerLock: bypassing pointer lock permission (CVE-2016-2831)
References:
https://www.mozilla.org/en-US/security/advisories/
(from redmine: issue id 5737, created on 2016-06-17, closed on 2016-06-27)
- Relations:
- parent #5736 (closed)
- Changesets:
- Revision 605b31ab by Natanael Copa on 2016-06-24T11:48:41Z:
community/firefox-esr: upgrade to 45.2.0
fixes #5737