This update to Mozilla Firefox 47 fixes the following issues (boo#983549):
Security fixes:
- CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards (boo#983638 MFSA 2016-49)
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655 MFSA 2016-50)
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (boo#983653 MFSA 2016-51)
- CVE-2016-2822: Addressbar spoofing though the SELECT element (boo#983652 MFSA 2016-52)
- CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA 2016-53)
- CVE-2016-2825: Partial same-origin-policy through setting location.host through data URI (boo#983649 MFSA 2016-54)
- CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (boo#983646 MFSA 2016-56)
- CVE-2016-2829: Incorrect icon displayed on permissions notifications (boo#983644 MFSA 2016-57)
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (boo#983643 MFSA 2016-58)
- CVE-2016-2832: Information disclosure of disabled plugins through CSS pseudo-classes (boo#983632 MFSA 2016-59)
- CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA 2016-60)
Mozilla NSS was updated to 3.23 to address the following vulnerabilities:
- CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)
The following non-security changes are included:
- Enable VP9 video codec for users with fast machines
- Embedded YouTube videos now play with HTML5 video if Flash is not installed
- View and search open tabs from your smartphone or another computer in a sidebar
- Allow no-cache on back/forward navigations for https resources
The following packaging changes are included:
- boo#981695: cleanup configure options, notably removing GStreamer support which is gone from FF
- boo#980384: enable build with PIE and full relro on x86_64
The following new functionality is provided:
- ChaCha20/Poly1305 cipher and TLS cipher suites now supported
- The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers
- Submitted by Wolfgang Rosenauer (wrosenauer)