[3.4] firefox-esr: Multiple vulnerabilities (CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2828, CVE-2016-2831)
Upgrade to Firefox ESR 45.2
- Memory safety bugs fixed in Firefox ESR 45.2 and Firefox 47 (CVE-2016-2818)
- HTML5 parser heap-buffer-overflow (CVE-2016-2819)
- Heap-use-after-free mozilla::dom::Element (CVE-2016-2821)
- Firefox Navigation from a page with an active dropdown menu can be used for spoofing (CVE-2016-2822)
- Crash in TSymbolTableLevel::~TSymbolTableLevel (CVE-2016-2824)
- Crash when zooming out on a three.js demo (CVE-2016-2828)
- mozRequestFullScreen + mozRequestPointerLock: bypassing pointer lock permission (CVE-2016-2831)
References:
https://www.mozilla.org/en-US/security/advisories/
(from redmine: issue id 5738, created on 2016-06-17, closed on 2016-06-27)
- Relations:
  - parent #5736 (closed)
- Changesets:
  - Revision e167aa61 by Natanael Copa on 2016-06-24T12:30:37Z:

        community/firefox-esr: upgrade to 45.2.0

        fixes #5738