May 8, 2017 Andrey Cherepanov 52.1.1-alt1
- New ESR version (52.1.1)
- Set plugin.load_flash_only setting to false to allow use all NPAPI plugins
- Security fixes since 52.0:
+ CVE-2016-10196: Vulnerabilities in Libevent library
+ CVE-2017-5031: Use after free in ANGLE
+ CVE-2017-5428: integer overflow in createImageBitmap()
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
+ CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR
+ CVE-2017-5435: Use-after-free during transaction processing in the
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during
+ CVE-2017-5444: Buffer overflow while parsing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
+ CVE-2017-5451: Addressbar spoofing with onblur event
+ CVE-2017-5454: Sandbox escape allowing file system read access through
+ CVE-2017-5455: Sandbox escape through internal feed reader APIs
+ CVE-2017-5456: Sandbox escape allowing local file system access
+ CVE-2017-5464: Memory corruption with accessibility and DOM
+ CVE-2017-5466: Origin confusion when reloading isolated data:text/html
+ CVE-2017-5467: Memory corruption when drawing Skia content